The corporate directory server is the centralized controlling entity for all other application servers for user authentication and other user identity management functions. This enables the system administrator to efficiently manage on-boarding and off-boarding of employees from a single place.
In a typical setup of an organization:
- The corporate directory server runs inside the intranet boundary and remains accessible to all internal applications.
- For the rest of the applications, that is, externally hosted applications and cloud-based services, the organization sets up a SAML IDP (Identity Provider). This SAML IDP internally talks to the corporate directory server for user authentication and user profile data access.
- kPoint cloud acts as a SAML SP (Service Provider) and talks to this SAML IDP over HTTPS for user authentication.
- The IDP returns the result in the form of SAML assertions.
- kPoint cloud listens for these assertions, extracts the authentication result and other user profile data, and then seamlessly establishes the kPoint session for the end user on successful authentication.
Thus kPoint cloud securely and seamlessly leverages the user authentication service offered by the corporate directory server via SAML.