- This line was added.
- This line was removed.
- Formatting was changed.
A description of Smart ID Identity Manager architecture overview.
Smart ID Identity Manager consists of these applications:
- Identity Manager Admin: Configuration of the system
- Identity Manager operator UI: Client user interface for the daily operational usage
- Smart ID Self-Service: End-user portal for certain person- or card-based functions
- Identity Manager Tenant: The tenant management tool for configuration and runtime system
Identity Manager has the following basic architecture:
- J2EE/Java-based server
- SQL database, connected to the application server
- User Interface:
- Identity Manager Admin: HTML5 client
- Identity Manager operator UI: HTML5 client
- Smart ID Self-Service: HTML5 client
- Identity Manager Tenant: HTML5 client
Identity Manager architecture
For more information on the supported systems and versions, see Identity Manager requirements and interoperability.
The LDAP connector enables searching and reading identity information from an LDAP directory, such as Active Directory. User authentication with directory-stored password and group-based role assignment are also supported.
Alternatively, Identity Manager can connect to different HR systems, typically via CSV file import/export.
Through the PKI connectors, Identity Manager PKI applications can request, renew, and revoke certificates from/in a certificate authority (CA). The PKI connector delivers the certificate template names that are made available by the CA for use. These templates are mapped to Identity Manager certificate types. Multiple CA connections are possible.
Smart cards and software tokens can contain any number of certificates that may be issued by different CAs.
Physical access control systems (PACS)
Through PACS connectors, it is possible to read access profile information from the PACS as well as to provision and de-provision ID cards and entitlements (profile assignment) in PACS systems. The PACS connector may be based on CSV file (asynchronous) or WebServices (synchronous) interfaces.
Identity Manager DB Server
All configuration and run time data is stored in an SQL database.
Identity Manager web server
Identity assurance, data, image and signature capturing.
Card printing and encoding, batch production.
Support, invalidation, temporary PIN, card reset.
Request, approval, invalidation.
Request, image capturing, PIN reset, renewal, etc.