What is it ?

Ceptor User Administration server is an optional user repository - it consists of:

• A database well suited for storing user identities, their authentication challenges, attributes and other information
• Storing and assignment of user profile/group information
• Support for handling organisational structure, where a user can be a member of one or many organisational units
• Delegated administration
• Useradmin module exposing APIs for manipulating data - these APIs are protected by User Administration ACL's which can be used to limit individual administrators access.

When used in combination with Authentication Plugins in the Ceptor Session Controller - this allows for Identity Management functionality such as

• Authentication against multiple user repositories
• Combine password checking in one user repository (e.g. Active Directory) with data from Ceptor User Administration server
• No replication needed
• Customizable attributes on users, both simple attributes such as name, address etc. but also identity information used to access linked systems, such as different social security accounts or similar.
• Storing transaction log, revision logs, audit logs, non-repudiation logs etc.

Please refer to User Administration Database for diagrams and information about the database.

Clustering

User Administration (UserAdmin) Servers are like Log Servers easy to cluster – a UserAdmin server does not need to know of other UserAdmin servers, they share their data through the database.

Since the database is the deciding factor in performance, there is no performance gain in clustering UserAdmin servers, but it is a good idea to do it for failover.