How RadiantOne Works

How the RadiantOne Federated Identity Service Works

Today’s corporate identity systems are often made up of multiple data sources (such as LDAP, SQL, and web services) that have accumulated over time. One user’s data could be spread across several of these sources, slowing down the overall time it takes for authentication as the system must search many scattered sources for the information it needs. It can also hamper the deployment of solutions such as SSO based on federation standards because deploying an Identity Provider (IdP) assumes that there is a single authoritative identity source for authentication and authorization.

Without some form of integrated identity data service working behind the scenes, functions such as providing SSO to cloud and web applications, password management, and provisioning face a number of hang-ups in speed and resilience, not to mention security risks.

RadiantOne consolidates and rationalizes all your identity data, speeding deployments, reducing integration costs, and providing flexibility for dynamic business requirements. Because it can create customized views of the data, it can serve many different applications, with different expectations, interfaces, and access protocols. It works in two phases: First it externalizes identity and security out of your diverse identity sources. And second, it correlates the data to create a global list of users with no duplicates, joining to create complete profiles, and then synchronizes the data to ensure accurate, up to date information.

Phase One: Externalizing Identity and Security Context Out of Data Sources

Simply pulling identities and their security contexts out of the silos has long been a thorny issue. Every enterprise relies on the flexibility of large databases, but to enforce security, your Web Access Management (WAM) solution expects identity information in the form of a directory.

RadiantOne virtualization makes this fast and cost-effective by analyzing your databases and projecting an image of your identity in the form of a directory. So your application still manages identity inside existing databases, while your portal and other applications can consume it as if you have the most up-to-date directory.

With RadiantOne, you get the best of both worlds:

  • An efficient and flexible database for transactions, and heavy updates.
  • A fast, secure directory for authentication and authorization

And synchronization is smart, transparent, and auto-generated, thanks to our model-driven approach to virtualization.

Phase Two: Correlate and Synchronize Identity Data, Making it Ready to Consume

Once you’ve freed your information from its data silos, you need a way to correlate identities and publish the data so applications can consume it. Most enterprises use a variety of different data repositories—directories, databases, and web services—each with its own protocols and schemas. So the second challenge of identity and context in the data integration space is to unify identity and data representation.

Luckily, the same infrastructure that lets you extract and virtualize identities also provides tools to correlate and synchronize identities.

Using virtualization, RadiantOne creates a shared representation of all identities, mapped to a common schema, to reconcile an inflexible world of databases vs. directories, competing brands of directories, and custom APIs.

Deliver a Global Identity

RadiantOne allows you to create global profiles, shielding your WAM/Portal SSO solution from complexity of backend data sources.

Identity virtualization enables organizations to:

  • Correlate identities across different repositories without changing the underlying infrastructure.
  • Create a common identifier linking all profiles—basically, a set of global keys to confirm that a piece of data identified one way in one system is equivalent to data identified another way in another system.
  • Keep the central identity hub synchronized with all data sources.
  • Publish a unified profile that applications can consume.
  • Provide the right infrastructure to simplify and improve deployment of a variety of initiatives, from security and profile management to CDI and MDM.
Resources: