...

To counter issues like these and speed up response times, many virtual directories store the data they pull in caches or, in more advanced scenarios, employ "sync stores." Sync stores are abbreviated versions of Identity Warehouses that give virtual directories the ability to pull data into a more centralized repository, where it can be maintained and synchronized with the authoritative backend systems as necessary. This scenario is represented by the image below.

...


EmpowerID's Implementation of the Virtual Directory

The EmpowerID Virtual Directory is EmpowerID's implementation of an LDAP virtual directory server. It was built using a stateless Node.js architecture. Node.js is a platform built on Chrome's JavaScript runtime for building fast, scalable network applications, and uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

...

Additionally, because the EmpowerID LDAP Server is an extension of EmpowerID, identities for external users, such as customers or partners, can be created and granted access to internal resources without creating new silos or adding user accounts to your existing directories. Instead, you can create an EmpowerID Person, which itself is an LDAP object, for each of these users and then grant those Person objects abilities within your directories as needed. Once users have an EmpowerID Person, you can apply any of your EmpowerID policies against them, from requiring that they use second-factor authentication to access (RBAC-trimmed) resources to allowing them to use SSO to federate their EmpowerID identities with other trusted entities.

Authenticating to the EmpowerID LDAP Server

As with any type of access to resources in EmpowerID, the EmpowerID Virtual Directory requires users to be identified by and authenticated against the EmpowerID Identity Warehouse before they can do anything within EmpowerID. This means that users of the EmpowerID LDAP Server must have an EmpowerID Person object linked to at least one of the user accounts in the account stores that comprise the virtual directory.

...

Info

Users without an EmpowerID Person can view data as an anonymous user; however, any attempts to run operations against that data will be denied.

How the EmpowerID LDAP Server Identifies Users

Because the EmpowerID LDAP Server provides a number of authentication methods, users can identify themselves to the LDAP Server in any one of the following ways. Along with a valid password, they can enter:

...