Web access management software provides a popular way to control access to web-based resources. Powering a web access management software package with the right identity information, however, introduces a number of critical integration hurdles that must be overcome prior to deployment.
- Aggregating Identities: Authenticating users requires a directory-based set of usernames and passwords. Many organizations find that no single directory holds all of that information, forcing them to recreate it, which means duplicated administrative effort or painful synchronization requirements.
- Integrating Identities: Authorization services are based on policy, which evaluates a set of conditions and rules tied to the user's profile or memberships. Without complete profile or membership data, administrators need to recreate that data in order for the policy to work.
Virtualization solves all of these challenges by leveraging data where it exists and providing services as needed, all without disrupting the existing data infrastructure.
For authentication, enterprises may have a variety of directories, such as Microsoft Active Directory, Microsoft ADAM, Novell eDirectory, Sun Java System Directory Server, and OpenLDAP. But web access management packages often expect a single authoritative directory for authentication, so enterprises face complex synchronization efforts to bring all of that data into a single directory.
There are also non-standard sources of passwords, such as passwords stored in a database or custom password methods.
The RadiantOne Identity and Context Virtualization Platform allows you to build a "virtual view" that provides federated LDAP access to the different authentication sources as a single, unified directory service. Custom authentication methods and non-traditional password repositories can be supported (configurable per branch) to handle specific requirements. (For more information, see the common use cases or the industry solutions.)
The virtual view of multiple directory services makes it easy to federate access to different, existing identity repositories, all centrally accessible but distributed to the security domains that own the identity information. Using RadiantOne Identity and Context Virtualization Platform, enterprises can manage web access using identity and passwords from Active Directory, an enterprise directory, and a database of users as if it were all a single user repository.
Authorization relies on complete and accurate group or profile data to evaluate policy against. Unfortunately, traditional directory deployments require administrators to recreate this information in the user repository, even though it already exists in other locations. The alternative has been to copy data from multiple, distributed environments, which carries heavy synchronization and custom integration coding requirements that can be complex, costly, and invasive. RadiantOne Identity and Context Virtualization Platform solves authorization requirements more intelligently by delivering real-time data through the virtual directory service. RadiantOne supports the management of both groups and profiles. Groups can be migrated into the RadiantOne VDS, where they are mapped and routed accurately under the new tree structure and adapted to incorporate all users, regardless of their origin. Groups can be combined, and users from heterogeneous data sources can be added together, giving you more control over authorization rights and role definitions with the least redundant work.