As previously discussed, Account Stores in EmpowerID refer to external directories or "applications aka apps" that have their own accounts and groups. To manage these accounts and groups, EmpowerID has an AccountStore table and a ProtectedApplicationResource table, which store EmpowerID's definition of applications. Understanding the relationship between these two entities can be complex, so let's clarify it further.

In the IT landscape, especially SaaS, many applications have their own internal and dedicated directory for accounts and groups, which is not centralized or shared between different applications. This is referred to as the "internal directory" model. To inventory the accounts from these applications, EmpowerID requires an Account Store and Resource System connection to define how to connect to, inventory, and manage objects in these external systems. In contrast, some applications utilize a centralized directory for security and do not rely on a local store for accounts and groups, relying instead on a shared LDAP directory used by multiple applications. This is known as the "external directory" model, where the management of these functions is delegated to the LDAP Directory or Account Store.

...

  • Protected Application Resources like pages, controls, APIs

  • SSO Connections (SAML, OpenID Connect, etc.)

  • OAuth Scopes configuration

  • Multi-Factor Authentication settings

  • PBAC rights and roles

  • Groups and roles that should be requestable for this app in the IT Shop

...

Tip

Key Takeaways:

  1. Most applications have a one-to-one relationship with an Account Store that represents their internal directory.

  2. Applications that share an Account Store would use EmpowerID as the Account Store and then link the specific groups they wish to grant access to their application.

  3. An application object is not automatically created for each Account Store in EmpowerID.

  4. Any application configured for SSO requires an application object in EmpowerID.

  5. The component for applications and their subcomponents is named ProtectedApplicationResource.

  6. During application onboarding, selecting to create a Tracking Only Account Store creates a "logical" Account Store in EmpowerID for access requests and tracking that is not inventoried or managed.


...