Simplify Authentication for SSO
Streamline Routing and Authentication with Virtualization
If identities were stored in a single repository, finding and authenticating a user would be a relatively easy process. Unfortunately, this is almost never the case. Typically, there are many user stores for all the different constituents (employees, partners, customers, suppliers) in your enterprise. These data sources can range from LDAP to SQL, and even web services. Most applications aren’t equipped to search a variety of identity repositories, let alone handle the cases where the same user is returned multiple times in a search. Even if they were, the time required to handle such a complex identification process makes it inefficient and impractical.
The Challenge: Heterogeneous Data Sources, Overlapping Identities
Most companies, both large and small, find themselves managing a variety of disparate data stores, without the means to integrate them. This can be especially challenging if your company has gone through mergers or acquisitions.
There are five main challenges when it comes to a complete authentication solution:
- Identities are often distributed among many heterogeneous data sources.
- Each identity silo manages schema elements and data structures differently.
- Each data source supports its own access mechanism.
- User overlap is practically guaranteed.
- Most Web Access Management applications are not equipped to handle multiple identity sources or protocols.
The Solution: A Global List
The only solution for such a multifaceted infrastructure is to combine these resources into a unique “logical list” of identities from across existing data sources. This is part of what we call “Manage Globally, Act Locally,” where identities are integrated to create a clean global list of all your users for the identification phase of authentication, while delegating the credential checking back to the authoritative sources.
RadiantOne identity federation unifies disparate data sources and identity profiles into a single namespace, all delivered to your applications with the speed of a directory. Using RadiantOne, you can build “virtual views” that provide federated LDAP access to the different authentication sources as a single, unified directory service. Now it’s easy to federate access to different existing identity repositories, all centrally accessible, yet still managed by the security domains that own the identity information.
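The pattern described above (identify the user against one correlated list, then hand the credential check back to the store that owns the account), as an added example that is not RadiantOne code or part of the original page. The two stores, their contents, the e-mail correlation key and the rule that the first source listed is authoritative are assumptions made for illustration.

```python
import hashlib, hmac, sqlite3

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

# Constructed sample stores (not real data): an LDAP-like directory and a SQL table.
LDAP = {"uid=asmith,ou=staff,dc=example,dc=com":
        {"mail": "A.Smith@example.com", "salt": b"s1", "hash": _hash("ldap-pw", b"s1")}}
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE partners (login TEXT, email TEXT, salt BLOB, hash BLOB)")
DB.executemany("INSERT INTO partners VALUES (?,?,?,?)", [
    ("asmith", "a.smith@example.com", b"s2", _hash("sql-pw", b"s2")),  # overlaps LDAP
    ("bjones", "b.jones@partner.example", b"s3", _hash("partner-pw", b"s3"))])

class LdapSource:
    name = "ldap"
    def identities(self):  # (correlation key, local id) in this store's own schema
        return [(e["mail"].lower(), dn) for dn, e in LDAP.items()]
    def verify(self, dn, pw):
        e = LDAP[dn]
        return hmac.compare_digest(e["hash"], _hash(pw, e["salt"]))

class SqlSource:
    name = "sql"
    def identities(self):
        rows = DB.execute("SELECT login, email FROM partners")
        return [(email.lower(), login) for login, email in rows]
    def verify(self, login, pw):
        salt, h = DB.execute("SELECT salt, hash FROM partners WHERE login=?", (login,)).fetchone()
        return hmac.compare_digest(h, _hash(pw, salt))

def build_global_list(sources):
    """One entry per person; overlapping accounts are linked, not duplicated."""
    glist = {}
    for src in sources:  # assumption: earlier sources are authoritative on overlap
        for key, local_id in src.identities():
            glist.setdefault(key, []).append((src, local_id))
    return glist

def authenticate(glist, email, pw):
    links = glist.get(email.lower())
    if not links:
        _hash(pw, b"dummy")  # do comparable work so unknown users are not faster to reject
        return None
    src, local_id = links[0]  # identification is global, the credential check is local
    return src.name if src.verify(local_id, pw) else None

GLOBAL = build_global_list([LdapSource(), SqlSource()])
```

The overlapping user resolves to a single entry with two linked accounts, and only the authoritative store's credential is accepted for it.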