Hybrid architecture for SecureAuth® Identity Platform
The Identity Platform hybrid architecture is a combination of on-premises and cloud-based components. Cloud-based components include a new administrative interface, configuration storage, and the services necessary to conduct authentication. The on-premises SecureAuth appliance stores all legacy administrative components and runs local services for administrative and end-user features.
After you have finished with this topic, learn more about the hybrid architecture for the SecureAuth® Identity Platform, version 21.04 and later, by viewing a detailed video.
To view the cloud architecture, see the Cloud architecture for SecureAuth Identity Platform image.
SecureAuth Identity Platform on-premises (appliance)
The on-premises appliance hosts configuration data, APIs that communicate with the cloud and New Experience, and a new secure storage database. Admin API calls are used in the UI and appliance communications. The internal Application API makes calls to the customer cloud database and the Secure Storage API. The Secure Storage API stores credential information locally on the appliance, so credentials are not stored in the cloud.
SecureAuth Identity Platform client-side (browser)
Access the New Experience through a browser that connects to the U.S.-based Amazon Simple Storage Service (Amazon S3). Admin API calls, contained in the middleware data layer, enable communications with the on-premises SecureAuth appliance.
SecureAuth Cloud
The SecureAuth Cloud is hosted on the U.S.-based Amazon Web Services S3. It communicates with SecureAuth Identity Platform on-premises via authenticated APIs and includes the REST API cloud storage. The container-based, customer-specific repository stores directory and application integration data from the Web Admin configuration. Sensitive data, such as directory integration credentials and user data, is not stored in the SecureAuth Cloud.