Fortunately, Access Manager simplifies the management of multi-community access to Microsoft SharePoint. It does this by securely exchanging identity information between Access Manager and SharePoint through an identity federation process.
Using the WS-Federation standard, Access Manager serves as the single authentication point for all user access requests to SharePoint – regardless of where those users' identities are stored in Active Directory.
The process eliminates the need to consolidate individual identities into a single Active Directory identity store. The basic flow, which completes almost instantaneously, is:
- The user requests access to SharePoint.
- The SharePoint server passes the authentication request to the Active Directory Federation Services (ADFS) server.
- The ADFS server redirects the request to Access Manager Identity Server acting as the identity provider.
- The user logs in to Identity Server. Identity Server validates the user and his or her credentials against the identity information contained in the appropriate identity store.
- Once validated, Identity Server transforms the user identity into a set of ADFS claims (a collection of specially formatted user authentication information, such as name, identity, key, group, privilege, and so on). Identity Server sends the ADFS claims back to the ADFS server, which grants the user access to SharePoint.
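The redirect-and-claims exchange above, as an added illustrative example that is not NetIQ or Microsoft code: the identity stores, signing key and realm are constructed, and an HMAC stands in for the XML signature a real WS-Federation token carries. It shows the relying party checking signature, audience (wtrealm) and validity window before trusting any claim.

```python
import hmac, hashlib, json, time, base64
from urllib.parse import urlencode

# Constructed sample identity stores; a real deployment reads these over LDAP.
IDENTITY_STORES = {
    "ad.example.com": {"alice": {"pw": "alice-pw", "cn": "Alice Adams", "groups": ["Finance"]}},
    "edir.example.com": {"bob": {"pw": "bob-pw", "cn": "Bob Brown", "groups": ["Partners"]}},
}
IDP_KEY = b"idp-signing-key"          # hypothetical stand-in for the IdP's X.509 signing key
RP_REALM = "urn:sharepoint:portal"    # the wtrealm the relying party expects as audience
TOKEN_TTL = 300                       # seconds a token stays valid

def wsignin_request(realm, wctx):
    """Steps 2-3: the RP/ADFS side redirects the browser to the IdP with a wsignin1.0 request."""
    return "https://idp.example.com/ws-fed?" + urlencode({"wa": "wsignin1.0", "wtrealm": realm, "wctx": wctx})

def issue_token(store, user, password, realm, now=None):
    """Steps 4-5 (IdP side): validate credentials against the chosen store, emit signed claims."""
    entry = IDENTITY_STORES.get(store, {}).get(user)
    if entry is None or not hmac.compare_digest(entry["pw"], password):
        return None  # same answer for unknown user and bad password
    now = now or int(time.time())
    claims = {"iss": "https://idp.example.com", "aud": realm, "iat": now, "exp": now + TOKEN_TTL,
              "claims": {"name": entry["cn"], "upn": f"{user}@{store}", "groups": entry["groups"]}}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig

def accept_token(token, expected_realm=RP_REALM, now=None):
    """Step 5 (RP side): verify signature, audience and validity window before using the claims."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None  # tampered or signed by an untrusted issuer
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = now or int(time.time())
    if claims["aud"] != expected_realm or not claims["iat"] <= now < claims["exp"]:
        return None  # token meant for another realm, or outside its validity window
    return claims["claims"]
```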
A key advantage of using NetIQ Access Manager™ to handle SharePoint users is that it supports multiple identity stores out of the box, including Microsoft Active Directory and NetIQ eDirectory. You can also customize Access Manager to support additional LDAP identity stores. That means you can preserve the identity stores that already exist within your organization. You don't have to move them to AD or consolidate them into a single identity store just to facilitate management of your SharePoint environment. It also lets you give your customers and partners access to SharePoint without having to replicate their identity stores.