Introduction
CUE User Manager is CCI / Escenic's new solution for managing user access to CUE. It provides a standard interface to a centralized Identity and Access Management (IAM) system that can be shared by all CUE-related back-end systems. Instead of the CUE Content Store having its own integrated user management functionality, it can delegate responsibility for access control to CUE User Manager.
The use of such a centralized IAM system has a number of advantages:
-
Single sign-on for users
-
Simpler user management: no problems keeping identities consistent between systems, no redundancies or duplication
-
Simpler auditing: all user activities are reported by one system in a single, consistent format
-
Reduced resource usage
-
Deal with upgrades to the IAM system: any changes in the IAM system's API will only affect CUE User Manager rather than requiring changes in all back-end systems.
CUE User Manager needs an IAM system that provides the following user management tasks:
-
Authentication: is the user who he says he is?
-
Authorization: what is this user allowed to do?
-
Identity management: what information should be stored for each user (mail address, profile and so on).
IAM systems can be configured either to act as a complete, standalone IAM system or to co-operate with other authentication systems such as Active Directory, Google and Facebook.
CUE Content Store and CUE Print are already able to make use of a common IAM system (Active Directory) to enable single sign-on for users, so what benefit does CUE User Manager offer? It can best be seen as an insulating layer between the CUE back-end systems and the IAM system, making it easier to deal with upgrades to the IAM system: any changes in the IAM system's API will only affect CUE User Manager rather than requiring changes in all back-end systems.
This guide assumes that
CUE User Manager is
installed on um.example.com and the IAM backend system
is installed on iam.example.com.