It’s possible to hook up a centralized user data store with SkyVault Process Services. Any server supporting the LDAP protocol can be used. Special configuration options and logic has been included to work with Active Directory (AD) systems too.
From a high-level overview, the external Identity Management (IDM) integration works as follows:
-
Periodically, all user and group information is synchronized asynchronously. This means that all data for users (name, email address, group membership and so on) is copied to the SkyVault Process Services database. This is done to improve performance and to efficiently store more user data that doesn’t belong to the IDM system.
-
If the user logs in to SkyVault Process Services, the authentication request is passed to the IDM system. On successful authentication there, the user data corresponding to that user is fetched from the SkyVault Process Services database and used for the various requests. Note that no passwords are saved in the database when using an external IDM.
Note that the LDAP sync only needs to be activated and configured on one node in the cluster (but it works when activated on multiple nodes, but this will of course lead to higher traffic for both the LDAP system and the database).