IdP + ILST Structure

Using an IdP for authenticating users

There are many ways to authenticate users within the Networked Enterprise Edition. You want to ensure you pick a solution that scales as your network grows.

Suggested authentication and member management structure

When using the Networked Enterprise Edition, we recommend that customers use an IdP for user authentication in combination with the ILST for managing membership (syncing from an AD). It is also recommended that each spoke site uses its own Directory, ILST, and authentication method (e.g. an IdP).

How it works

Using these two tools, a user's membership is directly synced to their spoke, and users must authenticate with their spoke before being able to access (e.g. log in to) the hub. Some content creators and administrators may be given credentials to sign in directly to the hub in order to manage enterprise-wide collaborative resources.

Creating a session

Signing in to either the hub or a spoke site creates an Igloo Session. With an active session, the user can navigate to other workplaces within the Networked Enterprise without signing in again. Access and membership still control what the user can see and do in either the hub or any spoke site.

Playbook Tip: Avoid syncing membership with the hub
Syncing members directly to the hub using the ILST should be avoided. Using multiple ILSTs to sync to a single workplace can cause conflicts in which members get added or removed. This is avoided by using separate ILST syncs for each spoke. When using spoke-specific member syncing, if a user is revoked from a spoke, they will only be removed from that spoke. The user will still need to be removed from the hub if they are no longer part of the networked enterprise.
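
Because revoking a user from a spoke does not remove them from the hub, a periodic reconciliation of hub membership against spoke membership helps catch accounts left behind. The following is an added example, not Igloo code: it assumes member lists are available as exported e-mail addresses, and all names and sample data are constructed.

```python
# Added example: audit for hub accounts left behind after spoke revocation.
# Assumption: member lists are exported as e-mail addresses; the export
# method and all names below are constructed for illustration.

def normalize(identifier):
    """Compare identifiers case-insensitively and ignore stray whitespace."""
    return identifier.strip().casefold()


def classify_hub_members(hub_members, spoke_members, direct_hub_accounts=()):
    """Map each hub member to 'spoke-backed', 'direct-hub' or 'orphaned'.

    spoke_members: dict of spoke name -> iterable of current members.
    direct_hub_accounts: accounts approved to sign in directly to the hub.
    """
    active = {normalize(m) for members in spoke_members.values() for m in members}
    direct = {normalize(m) for m in direct_hub_accounts}
    result = {}
    for member in hub_members:
        key = normalize(member)
        if key in active:
            result[key] = "spoke-backed"
        elif key in direct:
            result[key] = "direct-hub"
        else:
            result[key] = "orphaned"  # in the hub, but in no spoke
    return result


def orphaned_hub_members(hub_members, spoke_members, direct_hub_accounts=()):
    """Return the sorted hub accounts that need review or removal."""
    classes = classify_hub_members(hub_members, spoke_members, direct_hub_accounts)
    return sorted(m for m, status in classes.items() if status == "orphaned")


# Constructed sample data: dave was revoked from his spoke but is still in the hub.
SPOKES = {
    "spoke-a": ["alice@example.com", "bob@example.com"],
    "spoke-b": ["carol@example.com"],
}
HUB = ["Alice@Example.com", "bob@example.com ", "carol@example.com",
       "dave@example.com", "hubadmin@example.com"]
DIRECT_HUB = ["hubadmin@example.com"]

if __name__ == "__main__":
    for account in orphaned_hub_members(HUB, SPOKES, DIRECT_HUB):
        print("review for hub removal:", account)
```

Keeping the list of direct hub accounts short and reviewed matters here, since anything on it is exempt from the spoke-membership check.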
