User directory one stop guide

The user directory is a database , For managing employees and other users , Create user pairs of IT Access to resources and control access . The user directory is very similar to saving phone numbers 、 Address 、 Enterprise directory of position and other data . in fact , Some enterprises also store this data in the user directory . However , This kind of practice rarely occurs in modern human resource systems .

This article will introduce the basic concept and operation principle of user directory in simple terms .

1. What is a user directory ？

To explain the basic concept of user directories , You can look at a simple table first , The table describes the personnel of the enterprise and the resources that the personnel may need , As shown in the figure below ：

The top column lists all kinds of IT resources , Such as network 、 Business applications 、 The server etc. . The leftmost column represents different users , In each row of the user, you can see what access permissions the user needs .
 
The user directory is similar to the above table , Continuous and accurate management of user directories is the key to enterprise success . Due to changes in users ,IT Addition and deletion of resources , And the daily security threats , Cloud directory service is gradually becoming an important platform for user and resource security management . A directory with backward data may lead to business interruption or excessive access rights of some employees . In practice , Each cell in the user directory may contain more substantive data , More complex than the above binary table .
 
for instance , In the actual user directory , Users may have different access levels . therefore , Specific applications, etc IT Resources may correspond to administrators 、 Read only users and read / Write user access . Besides , Each cell in the table may contain other data , Such as password complexity 、 Whether multi factor certification is required （MFA） And password rotation frequency . With the development of enterprise business , The size and depth of the user directory will increase .

2. How user directories work ？

The user directory function actually used by the enterprise is also similar to the above table , Employee name in the directory 、 The email address and user credentials are stored in the identity provider （IdP） in .
 
There may be some users in the enterprise （ Such as senior management or legal department ） Need access to all resources . however , Other users do not need to access data such as legal documents in their daily work . For example, the sales team may not need to know the lease documents of the enterprise office . So , Enterprises can lower the access level of other users , Avoid safety issues , It doesn't affect work efficiency .

Usually this access right is related to the organizational structure . So how does the directory service reflect the organizational structure and manage it ？ It is what we often call an organizational unit （OU）、 Domain component （DC）、 Domain （domain）、 Lin （forest）.

The information in the directory service stores data in a tree hierarchy , All objects in the directory service reside in the domain , One group uses the same domain name system （DNS） The domain of forms a tree , Multiple tree collections form a forest . Each object has a full path in the directory service DN（Distinguished Name, Logo name ）.DN There are three properties ：OU （Organizational Unit, Organizational unit ） Indicates a specific department 、 Location 、 Team or function ;DC （Domain Compenent, Domain component ） Represents the part of the domain name ;CN（Common Name, Common name ） Indicates the user name or computer name .

example ：

CN=test,OU=developer,DC=domainname,DC=com

In the code above CN=test May represent a user name ,OU=developer Represents the organizational unit in a directory service . The meaning of this sentence may be to explain test This object is in domainname.com Domain developer In the organizational unit .

3. Cloud directory helps enterprises get through their identities

The user directory service is mainly responsible for integrating the user identity and IT Resource docking . As the business gets more complex , The user database is also expanding . The first-class identity directory cloud platform can provide administrators with visual directory management , No need to manually manage identity docking , For example, the popular social applications in China （ Enterprise WeChat 、 anonymous letter 、 Nails, etc ）, It is favored by Internet start-ups , And take the organizational structure in these office tools as the account center of the enterprise .

As the business stabilizes , Enterprises began to standardize 、 Scale management , Gradually migrate business to local and Intranet , Based on enterprise wechat 、 nailing 、 Identity centered on mobile social accounts such as flybook cannot be connected to intranet business 、 Local terminal and other resources . The cloud directory platform provides a lightweight 、 Smooth scheme , Help enterprises establish identity management centered on directory services , At the same time, it covers both internal and external networks as well as on cloud and off cloud scenarios , Realize the comprehensive upgrade of identity management system , The management cost is saved to a great extent .