What is Universal ID?
Universal ID is a server application which implements the System for Cross-domain Identity Management (SCIM 2.0) protocol (RFC-7644).
It enables enterprise applications to set up and deploy a user management API for creating, retrieving, modifying and discovering users. The server application is designed and built as a container-first application, offering low memory usage and fast boot times. By utilizing GraalVM's Native Executable support, the server can be compiled to a native image which results in a much smaller heap memory size than a normal JVM application.
Universal ID is optimized to be deployed with a container orchestrator such as Kubernetes, making it easy to deploy out of the box to your Cloud provider.
The process is simple:
- Download the container image from Docker Hub
- Add a deployment.yaml and a service.yaml with your Cloud provider specific settings
- Create an application.yaml with your custom User schema or skip this and the server will use the default User core schema (RFC-7643)
- Deploy
SCIM 2.0
System for Cross-domain Identity Management is an IETF standard for an application layer protocol for provisioning and managing identity data defined as JSON schemas. It supports creation, retrieval, modification and discovery of resources such as Users and Groups by using a subset of the HTTP methods (GET, POST, PUT, PATCH). For a more detailed technical review of the protocol you can have a look at RFC-7644 and RFC-7643, which defines a default core schema for Users.
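As an added example (not Universal ID's own code), here is a check that an application or gateway in front of a SCIM 2.0 endpoint could run on PATCH request bodies before forwarding them. It follows the PatchOp message rules in RFC-7644 and rejects writes to attributes that the RFC-7643 core User schema marks readOnly. The function names and the sample request are constructed for illustration, and the read-only set assumes the default core schema rather than a custom one.

```python
PATCH_URN = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ALLOWED_OPS = {"add", "remove", "replace"}
# readOnly attributes of the RFC 7643 core User schema (assumes the default schema)
READ_ONLY = {"id", "meta", "groups"}


def top_attr(path):
    """Top-level attribute of a SCIM path, lower-cased for comparison."""
    path = path.split("[", 1)[0]           # drop value filter: emails[type eq "work"]
    if path.lower().startswith("urn:"):    # drop schema URN prefix before the name
        path = path.rsplit(":", 1)[1]
    return path.split(".", 1)[0].strip().lower()  # drop sub-attribute: name.givenName


def validate_patch(body):
    """Return a list of violations; an empty list means the body is acceptable."""
    errors = []
    if PATCH_URN not in body.get("schemas", []):
        errors.append("schemas must contain the PatchOp URN")
    ops = body.get("Operations")
    if not isinstance(ops, list) or not ops:
        return errors + ["Operations must be a non-empty array"]
    for i, op in enumerate(ops):
        if not isinstance(op, dict):
            errors.append(f"op {i}: not an object")
            continue
        name = str(op.get("op", "")).lower()  # leniency choice: case-insensitive
        path, value = op.get("path"), op.get("value")
        if name not in ALLOWED_OPS:
            errors.append(f"op {i}: unsupported op {op.get('op')!r}")
            continue
        if path is not None and not isinstance(path, str):
            errors.append(f"op {i}: path must be a string")
            continue
        if path:
            targets = [path]
        elif name != "remove" and isinstance(value, dict):
            targets = list(value)  # no path: the keys of value are the targets
        else:
            errors.append(f"op {i}: {name} needs a path or an object value")
            continue
        errors += [f"op {i}: {t!r} is read-only"
                   for t in targets if top_attr(t) in READ_ONLY]
    return errors


# Constructed sample request (not captured traffic)
SAMPLE = {"schemas": [PATCH_URN], "Operations": [
    {"op": "replace", "path": "name.givenName", "value": "Ada"},
    {"op": "replace", "value": {"id": "0000"}},
    {"op": "remove"},
    {"op": "delete", "path": "emails"}]}
```

`validate_patch(SAMPLE)` accepts the first operation and reports the other three: a write to `id`, a `remove` with no path, and an operation name the protocol does not define.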
The Universal part
What makes Universal ID truly universal is that it eliminates the need for yet another system to store and manage the users of different enterprise applications.
One of the most common problems when building a user database for an enterprise application arises when this database needs to be used by another application. If you have already built a user management system that can be scaled for multiple applications, then you can probably skip reading this.
If not, then it is worth mentioning that Universal ID supports the configuration of multiple User resource and extension schemas, enabling each enterprise application to define its own custom User resource, removing the need for multiple user databases and the associated costs.
Set up a single Universal ID server in a cluster; set up multiple servers with singleton instances; either way, your applications only have to integrate with one, universal, user management API.