Multi-client setups and the data model
As mentioned, nevisIDM is able to handle multi-client setups, i.e., completely separated user populations. You will find installation instructions for the multi-client setups in the chapter Operation and Administration. At this point, we only mention certain critical aspects that have to be known when using nevisIDM in multi-client mode.
- All external IDs as well as the login ID of the user are only unique within the context of a specific client, i.e., the same external ID or login ID may exist in another client. Note that this has a direct impact on all clients using the SOAP interface: all callers will have to define the client's name or extId in their SOAP requests.
- Most of the entities in nevisIDM are client-specific as shown in the next table. There are a few exceptions: applications (and their roles) are explicitly assigned to clients, and reference data and properties of certain scopes are defined globally (no relation to clients at all).
- Client-specific configurations are stored in a policy of type
ClientPolicy.
| Entity | client-specific (1:n) | client-shared (m:n) | global |
|---|---|---|---|
| application | x (client-app assignment) | ||
| authorization | x (but may contain FK to client for client data room) | ||
| credentialcredential login infouser login info | x (via user) | ||
| enterprise authorization | x (via profile and enterprise role) | ||
| enterprise role | x (FK to client) | ||
| event queue | x (FK to client) | ||
| personal question | x (FK to client) | ||
| policy | x (FK to client) | ||
| profile | x (via user, FK to client) | ||
| properties | x (only scopes onUserGlobal, onProfileGlobal, onCredentialGlobal, onUnitGlobal) | x (all scopes) | |
| reference data (tidmr_*) | x | ||
| role | x (via application) | ||
| template collection | x (FK to client) | ||
| templatetemplate text | x (via template collection) | ||
| user | x (FK to client) |