It is not impossible to have a single user directory tree for internal users / staff, partners and customers. All that is required is unique identifiers and different levels of permission normally managed through group membership. However pretty much every organisation quite rightly separates these groups as independent trees. These independent trees are normally realised as independent directory implementations thus providing security through isolation and security zones of control. This though has not stopped me being recently asked within a large organisation if it is not possible to have a single identity management solution.
This was an evident confusion between identity management solutions and directory structures. For which I drew two examples: the first was an example directory structure (below), for ACME_Corp and my test user Chester Drawers, showing how quickly a single directory structure would become very complicated.
Continue reading “Single Identity Repository for Internal Staff, Partners & Customers and Security Zones of Control”