As discussed in a prior module, Account Stores are external directories or “applications” containing their own accounts and groups. In EmpowerID, there exists an AccountStore table as well as a ProtectedApplicationResources table for storing EmpowerID’s definition of applications. The relationship between these two entities can be confusing, so we’ll attempt to clarify the concept here.
In the IT landscape, especially SaaS, many applications have their own internal and dedicated directory feature for accounts and groups that is not centralized or shared between different applications. Let’s refer to this scenario as the “internal directory” model. n order to inventory the accounts from these applications, EmpowerID requires an Account store and Resource System connection to define how to connect, what to inventory, and how to manage objects in these external systems. Another security model for applications is to utilize a centralized directory for security and not rely on a local store for accounts and groups. Let’s refer to this as the “external directory” model. Examples of this type of application would be any that relied on a shared LDAP directory that was used by multiple applications. In this case, the applications are delegating the management of these functions to the LDAP Directory or Account Store.
When do I need an application?