What is it ?
Ceptor User Administration server is an optional user repository - it consists of:
- A database well suited for storing user identities, their authentication challenges, attributes and other information
- Storing and assignment of user profile/group information
- Support for handling organisational structure, where a user can be a member of one or many organisational units
- Delegated administration
- Useradmin module exposing APIs for manipulating data - these APIs are protected by User Administration ACL's which can be used to limit individual administrators access.
When used in combination with Authentication Plugins in the Ceptor Session Controller - this allows for Identity Management functionality such as
- Authentication against multiple user repositories
- Combine password checking in one user repository (e.g. Active Directory) with data from Ceptor User Administration server
- No replication needed
- Customizable attributes on users, both simple attributes such as name, address etc. but also identity information used to access linked systems, such as different social security accounts or similar.
- Storing transaction log, revision logs, audit logs, non-repudiation logs etc.
Please refer to User Administration Database for diagrams and information about the database.
Ceptor User Administration Server is an optional component that is offered, but not required.
Ceptor integrates with other user repositories as well, so using Ceptor's own is not a requirement - however if you do not have your own already, or need one that is capable of supporting delegated user administration, self-administration etc. then this might be the perfect choice for you.
Ceptor's User Administration Server has been proven in production for many years with several millions of active user accounts, still supporting authentication in less than 50 milliseconds.
User Administration (UserAdmin) Servers are like Log Servers easy to cluster – a UserAdmin server does not need to know of other UserAdmin servers, they share their data through the database.
Since the database is the deciding factor in performance, there is no performance gain in clustering UserAdmin servers, but it is a good idea to do it for failover.