...

  • Step 1 – You create a dedicated Person account in EmpowerID with the appropriate access and assign that Person the UI-Admin-Cloud-Gateway Management Role. The role gives the Person access to register and ping a Cloud Gateway server. This Person account should be dedicated solely to this use and should not be linked to an actual Person who uses EmpowerID for their daily activities.

  • Step 2 – You register the Cloud Gateway Client on a server using the EmpowerID Person account created above. If the Person successfully authenticates and has the required access, EmpowerID registers the client on the server, generates a certificate and stores that certificate on the server hosting the Cloud Gateway Client. The public key is sent securely to EmpowerID as part of the registration process, where it is mapped to the Person account used to register the client. The certificate is then used to authenticate all communications between the client and EmpowerID.

  • Step 3 – The client securely calls EmpowerID to retrieve information needed by the client to connect to Azure.

  • Step 4 – The client connects to the queue in Azure using the information received from EmpowerID.

  • Step 5 – EmpowerID connects to the Azure queue using the same connection information sent to the Cloud Gateway Client, constituting a point-to-point connection between EmpowerID in the cloud and the on-premises Cloud Gateway Client. All such communications are secured via TLS.
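
The role check and key binding described in Steps 1 and 2, as an added example that is not EmpowerID's code or API: a simplified in-memory model showing why a request signed by an unregistered key, or sent after the dedicated Person loses the role, is rejected. It assumes Ed25519 message signatures in place of the certificate-based authentication the steps mention, and the names `RegistrationService`, `newGatewayClient`, `svc-cloud-gateway` and `jdoe` are hypothetical.

```javascript
const crypto = require('crypto');
const REQUIRED_ROLE = 'UI-Admin-Cloud-Gateway'; // Management Role named in Step 1
const h = (s) => crypto.createHash('sha256').update(s).digest();
class RegistrationService { // hypothetical stand-in for the EmpowerID side, not its API
  constructor() {
    this.people = new Map();      // login -> { pwHash, roles }, constructed sample data
    this.gatewayKeys = new Map(); // login -> public key (PEM) bound at registration
  }
  addPerson(login, password, roles) {
    this.people.set(login, { pwHash: h(password), roles: new Set(roles) });
  }
  // Step 2: authenticate the Person, check the role, then bind the public key to it.
  register(login, password, publicKeyPem) {
    const p = this.people.get(login);
    if (!p || !crypto.timingSafeEqual(p.pwHash, h(password))) return false;
    if (!p.roles.has(REQUIRED_ROLE)) return false;
    this.gatewayKeys.set(login, publicKeyPem);
    return true;
  }
  // Later calls: only messages verifying under the key mapped to a Person with the role.
  verify(login, message, signature) {
    const p = this.people.get(login), pem = this.gatewayKeys.get(login);
    if (!p || !pem || !p.roles.has(REQUIRED_ROLE)) return false;
    return crypto.verify(null, Buffer.from(message), crypto.createPublicKey(pem), signature);
  }
}
// Gateway side: the key pair is generated locally; only the public half is sent.
function newGatewayClient() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (message) => crypto.sign(null, Buffer.from(message), privateKey),
  };
}
function demo() {
  const svc = new RegistrationService(), msg = 'get-connection-info';
  svc.addPerson('svc-cloud-gateway', 'constructed-secret', [REQUIRED_ROLE]);
  svc.addPerson('jdoe', 'constructed-secret-2', []); // everyday account, no role
  const gw = newGatewayClient(), other = newGatewayClient();
  const r = {
    withRole: svc.register('svc-cloud-gateway', 'constructed-secret', gw.publicKeyPem),
    withoutRole: svc.register('jdoe', 'constructed-secret-2', other.publicKeyPem),
    validSig: svc.verify('svc-cloud-gateway', msg, gw.sign(msg)),
    wrongKey: svc.verify('svc-cloud-gateway', msg, other.sign(msg)),
  };
  svc.people.get('svc-cloud-gateway').roles.delete(REQUIRED_ROLE); // role revoked
  r.afterRevocation = svc.verify('svc-cloud-gateway', msg, gw.sign(msg));
  return r;
}
console.log(demo());
```

Because the key is bound to one dedicated Person, removing that Person's role cuts off the gateway without touching anyone's everyday account.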

...


Next Steps

Install the Cloud Gateway for SaaS