Data store integration overview

For user authentication, the SecureAuth® Identity Platform integrates with data stores (directories and databases) in your organization. When a user attempts to log in to an application resource, the SecureAuth Connector establishes communication between the data store and the Identity Platform to check if the user has access.

As an administrator, you define the data stores from which to pull user data, either to validate active users or to serve as an authentication data profile directory. User profiles remain in your data store and are never saved in the Identity Platform, which keeps data in your control with no duplicate content to manage elsewhere.

In the Identity Platform, the Active Directory (AD) and SQL Server directory integrations are supported in the New Experience user interface. The Classic IdP Experience supports other directory integrations in addition to AD and SQL. When you add a data store and its mapping properties, the data store connection information is collectively saved as an object that can be associated with any number of policies and applications in the Identity Platform. You can also associate multiple data stores with a single post-authentication application resource.

To see a list of profile field mapping properties and which profile properties are generated and stored in the SecureAuth cloud, see List of stored profile field properties.

Note

A data store added in the Identity Platform cannot be edited in the Classic IdP Experience user interface.

Prerequisites

  • SecureAuth® Identity Platform version 19.07 and later

  • Active Directory / SQL Server (membership directory / profile directory) stored on your local data store server. The directory will be integrated with the Identity Platform so that user information can be extracted from the data store directory to complete authentication and assertion functionality.

  • Service account set up for the Identity Platform to access the data store. The service account must be granted read privileges and, optionally, write privileges to update user information.

  • SecureAuth Connector installed to establish communication between the data store on a local server in your organization and the Identity Platform

Note

To migrate from SecureAuth IdP (on-prem) version 9.3 with an existing AD data store configured using the New Experience UI to the Identity Platform (cloud), you will need to reenter the data store credentials after downloading and installing the SecureAuth Connector.

Next steps

For cloud deployments, first install the SecureAuth Connector. Then, for cloud or hybrid deployments, add a data store.