Question
|
Answer
|
How
does the Identiprise
Suite, Enterprise Edition
coexist with my current
Web-based SSO-IAM solution?
|
Client/server
security, an important
feature of the Identiprise™ Suite,
Enterprise Edition,
can be added to an
environment with
an existing Web-based
SSO-IAM solution
in one of two ways:
1. Identiprise Server communicates with SmartClients, using
proxy authentication and credential mapping as a means to close
Identiprise Server connections. In this case:
|
a.
|
The SmartClient connects
to Identiprise
Server |
|
b.
|
The
Application
Password
Map
redirects
the
connection
to
the
existing
Web-based
SSO-IAM
solution
to
obtain
the
necessary
credentials. |
|
c.
|
Once
returned
from
the
existing
SSO-IAM
solution,
Identiprise
verifies
the
credentials
and
responds
to
the
client. |
2.
The SmartClient
is configured to
interact with the
existing SSO-IAM
product directly.
|
| We
have roaming users.
How does Identiprise
handle remote authentication
and user profiles? |
SmartClients
have virtual private
network capabilities
built in. Remote users
can use these when
roaming. Or your VPN
server can authenticate
to Identiprise using
LDAP or Radius protocols.
Smart Plug-ins support access to Web-based services. |
| We
have multiple directories,
each with their own
identity information.
Can Identitprise help
us aggregate these? |
Yes,
the Virtual Directory
allows Identiprise
Server to integrate
identities from any
number of directories
or databases. It can
also manage identical
user’s that have
different identities
in those directories. |
|
 |
| Can
Identiprise synchronize
the information in
it’s Virtual
Directory? |
Actually,
the Virtual Directory
does not replicate
any information that
is stored in target
directories, so synchronization
is not usually required.
Synchronization can be an issue across target directories. If
this is true for your organization, directory synchronization
products such as Dir-XML or MIIS can be used in conjunction with
the Identiprise provisioning framework to address directory synchronization
requirements. |
| Does
Identiprise have transactional
rules to enable dynamic
look-ups in databases
and LDAP directories
to support authorization
decisions? |
Absolutely,
they are part of the
dynamic entitlements
in the Identiprise
Suite that allow flexible
access to databases
and LDAP directories
through the Virtual
Directory. Rules are
not limited to implementing
business logic, and
can perform user registration,
changes to entitlements,
and more using a standard
powerful scripting
language. |
| Does
Identiprise provide
dynamic transactional
authorization for multipartner
Web services? How? |
Identiprise
provides standards-based
Web Services interfaces
that provide access
to all Identiprise
functions including
authentication, and
dynamic authorization.
The Identiprise rules engine provided supports state-less, state-full,
and transactional models for carrying out authorization decisions. |
| Does
Identiprise have APIs
that allow developers
to bundle authentication
and authorization requests
from legacy and new
applications? |
Yes,
our APIs are supported
as a C-language library
on almost any POSIX-compliant
platform. They are
also available using
Visual Basic via an
Active-X adapter, and
are .NET compliant.
In many cases, the use of APIs are not required when using the
Identiprise Suite, as our PSM technology and SmartClient eliminates
the need to do timely re-coding. |
