Federated Identity Management
Overview
This article outlines the possible approaches to, and prerequisites for, an integration with an identity management system external to SmartSimple. This entails the ongoing synchronization of accounts between your existing identity management system and SmartSimple.
Integration Methodology
SmartSimple supports several methods of achieving this integration. The appropriate method will depend upon factors such as the technical resources available to you and the complexity of your organizational structure.

| Method | Description | Comments |
|---|---|---|
| Manual Management | Designating administrative staff to manually manage the users within SmartSimple, and perform updates or create new users. | This is recommended for clients with a small number of staff that change infrequently and can easily be managed by designated administrators. |
| SmartSimple API | Developing an integration using SmartSimple API calls to update organizations and users. | This is recommended for clients with a complex organizational structure and a large number of staff. This may be a convenient option for clients with pre-existing identity federation solutions that can be leveraged. Clients will also require the technical resources and infrastructure to develop and perform the API calls. |
| File Mediated | Developing an integration using file import/export techniques. This is typically performed with an SFTP service mediating the file transfer, but files can also be directly uploaded to SmartSimple via SmartSimple API. | This is recommended for clients with a complex organizational structure and a large number of staff. This may be a convenient option for clients with pre-existing identity federation solutions that can be leveraged. Clients will also require the technical resources and infrastructure to develop and perform the integration. |
Integration Prerequisites
Business Considerations
The following is a list of non-technical details that need to be determined prior to engagement.
- Which attributes do you wish to send to SmartSimple? This should be the minimum set of attributes required to define a user, and their roles as related to the business function to be implemented in SmartSimple.
- How will you transmit information regarding organizational units? Complex organizational hierarchies will need to be transmitted separately from user accounts. Consider the case where organizational units are renamed or deleted in your identity management system.
- At what frequency will the synchronization need to be performed (e.g. daily, weekly, monthly)?
- If developing an SFTP file mediated integration:
  - Is SmartSimple expected to perform any other actions after file retrieval (e.g. file deletion)?
Technical Considerations
The following is a list of technical details that need to be determined prior to engagement.
- Which attribute(s) constitute the unique identifier for each record?
- What state of account information will be transmitted (e.g. only a delta of account changes, all current active accounts, all accounts past and present)? SmartSimple's preference is to receive only the deltas, in separate files for new user activation, user termination, and updates to existing users.
- If developing an SFTP file mediated integration:
  - How will the file be formatted? SmartSimple's preference would be for CSV, JSON, or XML.
  - Do you have an existing SFTP service that can host the files?
  - What will the naming convention of the files be (e.g. will they always have the same name, or change depending on a date/time stamp)?
  - If multiple files are involved, is there an order to processing them?
  - Consider the character encoding being used for the file (e.g. to handle accented names and special characters). SmartSimple recommends using UTF-8 encoding.
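
One way to produce the delta files described under Technical Considerations, shown as an added example that is not SmartSimple's code: it compares two snapshots of the identity system by unique identifier, splits the changes into new, terminated and updated users, and serializes each as UTF-8 CSV. The `employee_id` key, the attribute names and the sample records are assumptions constructed for illustration.

```python
import csv
import io

# Assumed attribute names; use the minimum set you agreed to send.
KEY = "employee_id"  # assumed unique identifier
FIELDS = [KEY, "email", "last_name", "org_unit"]


def index_by_key(rows):
    """Index records by unique identifier; reject blanks and duplicates."""
    indexed = {}
    for row in rows:
        key = (row.get(KEY) or "").strip()
        if not key:
            raise ValueError("record without a unique identifier")
        if key in indexed:
            raise ValueError(f"duplicate unique identifier: {key}")
        indexed[key] = {f: (row.get(f) or "").strip() for f in FIELDS}
    return indexed


def compute_deltas(previous_rows, current_rows):
    """Split the change set into new, terminated and updated users."""
    prev, curr = index_by_key(previous_rows), index_by_key(current_rows)
    return {
        "new_users": [curr[k] for k in sorted(curr.keys() - prev.keys())],
        "terminated_users": [prev[k] for k in sorted(prev.keys() - curr.keys())],
        "updated_users": [curr[k] for k in sorted(curr.keys() & prev.keys())
                          if curr[k] != prev[k]],
    }


def to_csv_bytes(rows):
    """Serialize one delta as UTF-8 CSV so accented names survive transfer."""
    buf = io.StringIO(newline="")
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue().encode("utf-8")


# Constructed sample snapshots (not real accounts).
PREVIOUS = [dict(zip(FIELDS, r)) for r in [
    ("1001", "zoe@example.org", "Núñez", "Grants"),
    ("1002", "li@example.org", "Wei", "Finance")]]
CURRENT = [dict(zip(FIELDS, r)) for r in [
    ("1001", "zoe@example.org", "Núñez", "Programs"),
    ("1003", "sam@example.org", "Okoro", "Grants")]]
DELTAS = compute_deltas(PREVIOUS, CURRENT)
```

Rejecting duplicate or blank identifiers before export keeps a termination record from being matched to the wrong account on import.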