IDM 360™ provides a scalable, robust directory maintaining a unified repository of all employees, customers, and partners. Based on the 389DS, the most respected LDAP directory in the industry, the Global directory readily scales to hundreds of thousands to millions of users. Advanced multi-master replication can maintain service even in the event of multiple system failures. The global directory provides a single, consistent source of up-to-date account information for both internal applications as well as cloud-based services.
IDM 360™ presents a consistent view of all users
Users may be stored in different formats in multiple directories throughout the enterprise. For example, internal employees may be known by their windows user id while external users may be identified by emails. IDM 360™ consolidates IDs under a standard format such as email address. Further, a unique number is assigned to every users making management much easier in the event that a user changes their name, ID, and/or email. IDM 360™ global directory also stores all existing ID formats for each user allowing for cross-referencing for existing applications. The IDM 360™ synchronization service translates each user’s ID to the standard format in real time as it is synched from existing directories to the global directory.
IDM 360™ scales to millions of users
IDM 360™ has been tuned and tested to provide high performance response time to millions of users. Users records are indexed by all relevant attributes to provide sub-second lookup through highly efficient binary-tree searches. The IDM 360™ directory servers work in a multi-master cluster configuration where all nodes of the cluster are available to serve requests. This not only provides horizontal scalability but fault tolerance in the event of server node failure.
IDM 360™ is easy to administer
Typical Active Directory and LDAP administrative tools are complex. They require detailed knowledge of LDAP schema structure and interdependency. Directory administrators must be very careful not to corrupt the directory. These issues make it difficult to delegate directory administration to support organizations like the help desk. IDM 360™ provides an easy-to-use administrative console that can perform 80 to 90% of day to day maintenance functions against the global directory. The administration console performs the most common taskes including:
- Add, delete and update users
- Add delete update groups
- Add delete update roles
- Assign users to groups and roles
- Delegate administration of groups and roles to sub-administrators
- Upload/download users in bulk
- Assign users to groups/roles in bulk
- Set up application profiles
- Set up customer subdirectories
- Reset user passwords
- Assigment of user managers
The administration profile supports separation of internal users from customer users and separation of different customers from each other. The tool prevents security leaks by preventing users from one customer or group from being assigned to another customer’s group. It also allows clients to perform self administration by restricting their operations to their own client subtree.
IDM 360™ provides advanced synchronization services
IDM 360™ synchronizes between multiple source directories and the global directory in near-real time. This means that source directories such as Active Directory, LDAP and proprietary databases can continue to serve their local applications while their data is consistently replicated into the global directory. Further, downstream applications such as cloud-based apps or proprietary applications incapable of using a directory can also be synched using the global directory as a source. Directory synchronization is based on changes and is highly robust. If synchronization is interrupted for any reason, it resumes when available without losing records. Synchronization is rules based allowing it to provide unlimited transformation to merge heterogeneous data from multiple directories into a consistent format.