What is Unit4 Identity Services?
Unit4 Identity Services (U4IDS) is a single identity solution and architecture for the Unit4 ecosystem that allows users to have one single identity across multiple applications to provide a single sign-on experience. U4IDS integrates with the organization's identity solution using industry standard protocols and is shared across Unit4 applications, acting as a common gateway for external authentication. U4IDS does not store any credentials locally and always relies on a trusted external identity provider for authentication.
Many organizations have an existing identity solution that U4IDS easily integrates with. For example, they might be using Microsoft Office 365 with Active Directory Federation Services, or they may have invested in enterprise Identity Access Management systems such as OKTA or PingFederate; or they may be managing their logins using a public sector identity gateway.
The figure below shows the gateway role that U4IDS performs with a variety of identity solutions that can be configured to provide authentication to Unit4 applications via U4IDS.
Unit4 Identity Services role in the Unit4 ecosystem
Unit4 Identity Services (U4IDS) acts as the single and shared OpenID Connect provider for Unit4 applications and services. Users will have a single sign-on experience across Unit4 applications as well as other software they use in their organization. Administrators can be confident that authentication policies they implement centrally, such as multifactor authentication and removal of accounts are respected when users attempt to log on to Unit4 applications. Furthermore, Unit4 applications will share the U4IDS identifier for each user and can use this to create personal experiences across the application suite.
As U4IDS is an authentication gateway, all the requirements towards external integration to identity systems and variations in protocols can be handled in the service, transparently to the different Unit4 applications. Since U4IDS is a complete implementation of the OpenID Connect protocol, it can serve different types of applications and authentication flows, involving both end users and service principals for secure machine-to-machine communication.
This approach allows Unit4 application developers to concentrate on their application domain specifics and be confident that it has world class support for different authentication options via U4IDS. Finally, administrators of the U4IDS service can manage all aspects of the service centrally and on behalf of several organizations in a multi-tenant fashion. U4IDS is hosted in the cloud, from where it can serve both on-premises and cloud applications.