THE PURPOSE

Authentication and identity management can easily become a very complex task. Service providers can face the following challenges when developing their Identity Management (IdM) and authentication subsystem:

Storage of user accounts must be correctly implemented. Complex security requirements for credential storage must be fulfilled.

Users need a password reset function, which is one of the most security-sensitive parts of the system.

New users should be offered a registration form. Sometimes different forms may be needed for different user categories.

A certain amount of information about each user must be maintained: some of it is needed for password reset, other data is needed by relying applications (e.g. authorization privileges), and yet other data may be required for accounting and identification purposes.

Security-sensitive sites may need strong authentication. While measuring password strength is fundamental, more sophisticated solutions such as multi-factor authentication (MFA) are becoming more and more popular.

A growing number of users requires grouping, sorting, searching and automation of maintenance.
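The credential-storage requirement listed above is easy to state and easy to get wrong. The following is an added example (not Unity's own code) of the minimum a password store should do: a per-user random salt, a deliberately slow key-derivation function with its parameters recorded next to the hash, a constant-time comparison, and a rehash-on-login path so that parameters can be raised later without resetting every account. PBKDF2-HMAC-SHA256 is used only because it is in every Python standard library; Argon2id or scrypt are preferable where available. The record format `pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>` is an assumption made for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Parameters new hashes are created with. Raise ITERATIONS over time; old
# records are upgraded transparently on the user's next successful login.
CURRENT_PARAMS: Dict[str, int] = {"iterations": 600_000}
SALT_BYTES = 16
HASH_BYTES = 32
ALGO = "pbkdf2_sha256"


def _derive(password: str, salt: bytes, iterations: int, dklen: int) -> bytes:
    # Slow, salted derivation: brute force costs the attacker `iterations`
    # HMAC evaluations per guess, per account.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen)


def hash_password(password: str, params: Optional[Dict[str, int]] = None,
                  salt: Optional[bytes] = None) -> str:
    """Create a storable credential record for a new or changed password."""
    params = params or CURRENT_PARAMS
    # A fresh random salt per user: identical passwords yield different
    # records, and precomputed tables are useless.
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = _derive(password, salt, params["iterations"], HASH_BYTES)
    # Hypothetical record format (assumption of this example):
    #   pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>
    return "$".join([ALGO, str(params["iterations"]), salt.hex(), digest.hex()])


def _parse(record: str) -> Tuple[int, bytes, bytes]:
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != ALGO:
        raise ValueError("unsupported credential record: " + algo)
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def verify_password(password: str, record: str) -> Tuple[bool, Optional[str]]:
    """Check a login attempt against a stored record.

    Returns (ok, upgraded_record). upgraded_record is a fresh record that the
    caller should persist when the password matched but the stored record was
    made with weaker-than-current parameters; otherwise it is None.
    """
    iterations, salt, expected = _parse(record)
    actual = _derive(password, salt, iterations, len(expected))
    # Constant-time comparison: a plain `==` leaks how many leading bytes
    # matched through timing.
    if not hmac.compare_digest(actual, expected):
        return False, None
    if iterations < CURRENT_PARAMS["iterations"]:
        # Password is known to be correct right now, so this is the only
        # moment the stronger hash can be computed.
        return True, hash_password(password)
    return True, None


if __name__ == "__main__":
    # Constructed sample: a legacy record made with a weak iteration count.
    legacy = hash_password("correct horse battery staple",
                           params={"iterations": 1_000})
    ok, upgraded = verify_password("correct horse battery staple", legacy)
    print("login ok:", ok, "| record upgraded:", upgraded is not None)
    print("wrong password:", verify_password("hunter2", legacy))
```

The `verify_password` return shape is the point of the design: the store is the only component that knows the parameters are stale, and login is the only moment the plaintext is available, so the upgrade has to be offered back to the caller rather than done silently on the next unrelated write.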

HOW DOES IT INTEGRATE?

The identity management challenges described above are not the only ones an authentication system needs to address. Another big problem area is integration:

with external identity providers such as Google or Facebook ("let's allow our customers to log in with their existing ... account"),

with existing on-site identity directories ("we want to integrate the system with our existing AD server"),

with federations of identity providers (usually built on top of the SAML protocol),

with clients that should be able to authenticate their users securely, over their preferred authentication protocol, without ever seeing the users' credentials,

or, the other way round, with clients that should be able to authenticate their users as simply as possible, without the overhead of secure redirect-style authentication.

HOW DOES IT WORK?

Unity lets its users enable authentication (login) to their web services over various protocols, with a separate configuration for each of many relying parties.

The actual authentication can be performed against the built-in, feature-rich user database or delegated to one of the supported upstream identity providers (IdPs).

The information obtained from upstream IdPs can be flexibly translated, merged with the local database if needed, and re-exported over other protocols.

What is important to underline here: Unity is more than yet another bundle of several loosely coupled systems. It is a solution built from the ground up, so all pieces fit together: startup is fast, all parts are administered in the same style, and the whole solution is fully web and cloud ready.

In short, authentication is either performed locally or delegated to an external service, and in both cases the result is exposed to relying applications over standard authentication protocols.


General Unity use case scenario