LDAP Virtual Directory

Unify Your Directories

Most companies have a combination of multiple LDAP directories, Active Directories, and SQL databases containing different pieces of their users’ profile information. Having this information scattered across separate repositories creates a significant challenge for applications that rely on a single source for this critical information. Many applications and operating systems support using an LDAP directory for centralized authentication and authorization, but most only support the use of a single directory. This is often a problem since many enterprise architectures maintain separate directories for internal and external users.

The EmpowerID Virtual Directory solves this integration challenge by unifying all the directories in your organization into a single LDAP Directory access point. A virtual directory also addresses the challenge of delegated authentication by allowing separate authentication paths for internal and external users. Internal users can authenticate directly against Active Directory, while external users can be authenticated by the EmpowerID Identity Warehouse, eliminating the need to synchronize passwords. The Virtual Directory also supports acting as the primary authentication directory for Linux and Mac OS devices.

Adaptive MFA for VPN

The EmpowerID Virtual Directory Server can integrate with EmpowerID’s MFA module to provide strong LDAP authentication to applications, Linux machines, Mac OS, firewalls, network devices and VPN servers within your network infrastructure. EmpowerID verifies user credentials against the Identity Warehouse or live against connected directories like Active Directory. LDAP logins are analyzed using the same context-driven policies as web logins and are subject to adaptive multi-factor authentication rules.

LDAP Data Firewall

The Virtual Directory Server supports Zero Trust security programs by acting as a proxy or barrier between calling applications and the sensitive data stored in your corporate Active Directories. The same multi-tenant aware data visibility and privacy controls used in the EmpowerID web interface are enforced for data accessed through the LDAP VDS interface. Calling applications and users will only ever see the objects and attributes to which they have been granted access by EmpowerID’s attribute and organizational structure aware data privacy policies. The LDAP VDS adds a valuable security layer to protect sensitive information and reduce the load on your production directories.

Single LDAP API for Data Updates

The Virtual Directory also supports Create, Update, and Delete actions against any connected directory object. These “CRUD” actions are translated on the fly to EmpowerID’s visually designed workflows. This allows great flexibility to trigger sophisticated multi-step workflow processes based on simple create, update or delete actions. In all cases, access is secured and all user activities are logged for auditing.


