How RadiantOne Works
Spotlight on the RadiantOne Federated Identity & Directory Service
Today’s corporate identity systems are often made up of multiple data sources (such as LDAP, AD, SQL, and web services) that have accumulated over time. One user’s data could be spread across several of these sources, slowing down the overall time it takes for authentication as the system must search many scattered sources for the information it needs. It can also hamper the deployment of solutions such as SSO based on federation standards because deploying an Identity Provider (IdP) assumes that there is a single authoritative identity source for authentication and authorization.
Without some form of integrated identity data service working behind the scenes, functions such as providing SSO to cloud and web applications, password management, and provisioning face a number of hang-ups in speed and resilience, not to mention security risks. RadiantOne FID consolidates and rationalizes all your identity data, speeding deployments, reducing integration costs, and providing flexibility for dynamic business requirements. Because it can create customized views of the data, it can serve many different applications, each with different expectations, interfaces, and access protocols.
RadiantOne FID works in two phases: First it externalizes identity and security out of your diverse identity sources. Then it correlates the data to create a global list of users with no duplicates, joining to create complete profiles, and synchronizing data to ensure accurate, up-to-date information.
Phase One: Externalize Identity and Security Context Out of Data Sources
Simply pulling identities and their security contexts out of the silos has long been a thorny issue. Every enterprise relies on the flexibility of large databases, but to enforce security, your Web Access Management (WAM) solution expects identity information in the form of a directory.
RadiantOne FID virtualization makes this fast and cost-effective by analyzing your databases and projecting an image of your identity in the form of a directory. So your application still manages identity inside existing databases and directories, while your portal and other applications can consume it as if you have the most up-to-date directory.
With RadiantOne, you get the best of both worlds: An efficient and flexible database for transactions and heavy updates and a fast, secure directory for authentication and authorization—and synchronization is smart, transparent, and auto-generated, thanks to our model-driven approach to virtualization.
Phase Two: Correlate and Sync Identity Data for Consuming Apps
Once you’ve freed your information from its data silos, you need a way to correlate identities and publish that data so applications can consume it. Most enterprises use a variety of different data repositories, each with its own protocols and schemas. So the second challenge of identity and context in the data integration space is to unify identity and data representation.
Luckily, the same infrastructure that lets you extract and virtualize identities also provides tools to correlate and synchronize identities.
Using virtualization, RadiantOne FID creates a shared representation of all identities, mapped to a common schema, to reconcile an inflexible world of databases, competing brands of directories, and custom APIs.
Identity virtualization enables organizations to:
- Correlate identities across different repositories without changing the underlying infrastructure.
- Create a common identifier linking all profiles—basically, a set of global keys to confirm that a piece of data identified one way in one system is equivalent to data identified another way in another system.
- Keep the central identity hub synchronized with all data sources.
- Publish a unified profile that applications can consume.
- Provide the right infrastructure to simplify and improve deployment of a variety of initiatives, from security and profile management to CDI and MDM.
- Download our technical white paper The Radiant Difference.