Technical Architecture

Technical Architecture

Since Igloo solutions are hosted in the cloud, the bulk of traditional technical architecture decisions and concerns are already covered for you. Still, there are a few items that will require your attention in this phase of the implementation.
  • Disaster recovery requirements
  • Multi-tenancy vs. Semi-single-tenancy hosting options
  • Authentication mechanism (i.e. SSO)
  • Member management
  • Key integration points
  • Domain Mapping a Custom URL

Disaster Recovery

Consider how your employees will be using your digital workplace and how long you can afford to have it down in the event of a disaster situation. For most customers, their Digital Workplace houses business-critical knowledge and conversations, where an outage could have detrimental effects on productivity.  

Igloo offers two Disaster Recovery (DR) plans: Basic and Premium to our customers. Each plan outlines specific policies, procedures, resources and outcomes in the event of a disaster.

Key goals of our disaster recovery plans are:

  • Timely restoration of service - measured by a Recovery Time Objective (RTO)
  • Minimize customer data loss - measured by Recovery Point Objective (RPO)
  • Minimize the overall impact of a disaster on our customers

Basic DR provides customers with the following service level guarantees:

  • RTO SLA: 36 hours (degraded performance), 3 weeks (full performance).
  • RPO SLA: Data loss is 100% if server hardware is destroyed.
  • Optional periodic data backup service is available (stored offsite).

Premium DR provides customers with the following service level guarantees:

  • RTO SLA: 12 hours to full performance.
  • RPO SLA: Data loss to a maximum of 6 hours.
  • Igloo asynchronously replicates customer data (near-time) to a secondary disaster recovery site.

In this stage, Igloo will be implementing your Digital Workplace according to your selected Disaster Recovery plan. Premium Disaster recovery plans are highly recommended for digital workplaces that enable employee collaboration and that contain vital company data.

Multi-tenant vs. Semi-single-tenant Hosting

Igloo offers flexible cloud hosting options to suit customer needs. When making a decision about the hosting environment for your Digital Workplace, you’ll want to consider how important these 4 differentiating attributes are to your organization:

  • Cost
  • Speed of deployment
  • Security
  • Performance optimization

Multi-tenancy (MT)

Semi-single-tenancy (SST)

The multi-tenant hosting option leverages a collection of shared services within the Igloo data center and is hosted in an environment that is shared with other customers. This is common industry practice, where customer data is partitioned logically and validated with data integrity checks. Access is governed by a role-based access control system to ensure that individual customer data is presented only to users with the appropriate access.

The primary advantages of this hosting option are:
  • Cost efficiency
  • Ability to rapidly deploy a new digital workplace

The semi-single-tenant hosting option leverages a combination of shared and dedicated services within the Igloo data center. Dedicated services include web servers, VLANs, SSL certificate, search services, and logical database instances. This option also uses role-based access controls.

The primary advantages of this hosting option are:
  • Enhanced security and reduced risk of your environment being impacted by targeted attacks on other customers
  • Ability to optimize system performance based on your unique user activity, volume, and overall system load


The next step is configuring your preferred authentication method. With Igloo, user authentication is simple. You have the option of choosing between single sign-on (SSO) with SAML or Igloo’s native sign-in method.
  • Single Sign-On (SSO) allows users to login to their digital workplace using the credentials assigned by the organizations Identity & Access Management (IAM) system, without having to stop at a login page. Igloo uses SAML 2.0 to create connections with IAM. For details on how to configure your SAML SSO, have a look at the article on configuring SAML Authentication.
  • Igloo Sign-in is a built-in authentication system, perfect for organizations who are not yet setup with an Identity & Access Management (IAM) provider like Microsoft Active Directory or OneLogin. It leverages an email and password authentication method and is also ideal for organizations who require a combination of SSO for internal employees and the use of email and password sign-in for outsourced talent and vendors.

Member Management

Deciding who will manage the overall workplace, and how you distribute the management of the workplace across department and solution spaces is a vital component of your implementation. In this stage, you will be inviting your first members to join the workplace.

It’s recommended that you start by inviting and setting up your group permissions for your managing members first. You will follow this up by adding the rest of your organization at launch.

Adding Members to Your Digital Workplace:

There are a number of ways that you can add members to your new digital workplace.
Invitations: the Igloo platform can send an invite to specific people via email. The email recipient must accept the invitation and complete the registration process including a CAPTCHA (to ensure that the response is generated by a human being).
Add members: the Igloo platform allows people to be added to the system and allows them to be assigned to specific groups. This eliminates the need to invite people manually and have them go through the registration process.
Bulk user import: the Igloo platform allows authorized users to bulk upload people into a site from a pre-formatted spreadsheet. This eliminates the need to invite people manually and have them go through the registration process.
LDAP Sync Tool (ILST): which is a dedicated, installable application which allows IT Administrators to automatically sync their corporate Active Directory with the Igloo platform. ILST syncs both Group and Personal Profile data stored corporate Active Directory (AD) to the Igloo Platform. ILST is installed and runs on the AD server, and updates the Igloo Platform to mirror the AD structure it is synced with. ILST only reads data from the corporate LDAP directory; it will not modify or remove any data. 

Custom URL

Selecting a memorable URL for your digital workplace is critical for user adoption and engagement. In previous steps you would have named your Digital Workplace. This is where you want to start for creating your memorable URL.

Once you’ve decided on a URL, the Igloo team will help you map your workplace domain to this new address. Igloo will also work with your technical teams to set up SSL for the new domain, which allows customers to transmit their communications over the internet encrypted.

Once you have purchased a domain name, here are the steps we will follow to apply the Igloo-purchased SSL cert and domain map your community to your new domain:

1.pngCustomer to confirm:
  1. The domain and full URL that will be used
  2. The domain owner that we will contact for SSL cert authorization 
  3. Who has access to update the A records and CNAME for your domain.
2.pngIgloo to send a certificate integration request via email from Provider.
3.pngDomain owner to click the link in the confirmation email to authorize the SSL certificate.
4.pngIgloo to complete the SSL setup and provide the CNAME to Customer.
5.pngCustomer to remove any A-records and update the CNAME with what is provided.
Igloo and Customer to confirm that the SSL certificate is in place (https:// appears and no certificate errors occur in supported browsers).
7.pngIgloo to point the community to the new domain.

Prepare for Your Technical Consultation

Technical resources will be needed to support activities such as authentication, domain mapping, and other technical tasks. Here's how you can prepare for your Igloo Technical Consult:

  • Identify integrations you need to have in scope so we can support with the configuration.
  • Determine if you will be using LDAP Sync or Single Sign-on (SSO).
  • Determine if you need custom profile fields for launch and what they will be.

Key Resources


Manage members knowledge base

The Members section of the Manage Members pane shows the number of members that are currently part of your community and details on each member account. You can sort the member list by last name, last login, or the date they were added to the community (Member Since).

Learn more about Manage Members

Viewed 1,320 times