
LDAP – Lightweight Directory Access Protocol
A multi-tenant CCC platform should have a central repository at the back end that serves as a centralised data store
for user management and authentication. The central user repository will store the user identity data and deliver it to
other services (e.g. the central authentication service) for credential verification. The LDAP v3 standard has
been the dominant standard for central user repositories. LDAP will also facilitate Role-Based Access Control
(RBAC). The central LDAP will also integrate with the ERP to synchronize member and employee user registration data.

Centralized Identity and Access Management Model

• It is recommended to adopt an enterprise-level centralized authentication model that is secured and ensures that
each user has a single credential to access all the services.
• In this model there will be a centralized authentication service with provision for centralized user registration and
a user credential store. A centralized user repository (directory services) for the storage of user credentials will also
store the authorization information for the user, which will be used in different applications.

Central Access Management Service

• This service will provide the central authentication service for the users/groups created, by verifying the user
credentials against the central LDAP user repository. When a user tries to log in to any centralized application, e.g.
the single window portal, departmental sub-systems or the ERP solution, the user credentials will be validated through the
central authentication service.
• The Single Sign-On service will centrally maintain the user session, so that the user does not have to log in multiple times when
accessing multiple applications.
© 2017 Fluentgrid Limited
