Identity Integration

urn:js:virtue:aspire:proposal:22.1

TL;DR

Identity is integrated for Sainsbury’s group through a central service

Rational

Adding a new service for all users in the Sainsbury’s group requires only an integration of that new service, and not an integration per domain controller

Adding a new domain controller to the Sainsbury’s group requires only an integration of that new domain controller, and not an integration per service

Without identity integration, adding new domain controllers or new services requires a large number of integrations:

Note that some applications will not support this in a straightforward manner. For example Microstrategy only supports integration to one AD domain at at time if authorisation features are used i.e. using the AD groups to allocate the Microstrategy groups. We could not integrate Microstrategy directly to both Sainsbury’s and Argos in this way. The recommended solution from Microstrategy is to have an umbrella domain which has other domains such as Sainsbury’s and Argos mapped underneath it, which looks more like the “identity integration” solution below.

With identity integration, adding a new domain controller or a new service requires only a single integration:

Implications

None.