Envase Identity Manager

The Envase Identity Manager service provides a set of APIs to manage Organizations, TMS, and Users with access to the Envase Technologies ecosystem of products. It also provides the means to authenticate and authorize external applications to access information from those products.

External applications will rarely require access to the Envase Identity Manager API. Instead, they will authenticate their application and users and gain permission to access other Envase services and APIs.

The Envase Identity Manager service provides a REST API targeted to internal Envase services and applications. It allows those applications and services to manage Organizations (Envase customers), TMS associated with those Organizations, and Users with access to the applications and services.

Overview

The main concern of the Envase Identity Manager service is to protect customer data, ensuring that only the right applications, services, and users have access to such data. The service controls access by providing a set of resources that represent those entities and the associations between them. It is important to understand those resources and their associations to understand how the service works.

The Envase Identity Manager service provides the concept of an Organization. An Organization represents an Envase customer. This customer can be a company, entity, or individual that uses Envase products.

Customers using Envase applications and services should register an organization with the Envase Identity Manager service, so that their data can be protected.

Organizations registered with the Envase Identity Manager service will have individual employees or partners to whom the Organization will want to give access to its data. These individuals will be required to have a User account registered with the Envase Identity Manager service.

Important

The Envase Identity Manager service provides the necessary relationships to ensure that each individual User has only one account registered in the system. When a user requires access to data from multiple Organizations or TMS, the associations can be created to ensure that the user only manages one individual account.

The final concept the Envase Identity Manager service provides is that of a TMS. Envase customers can choose among the different Envase TMS products. These TMS products should be associated with their accounts to ensure that only the right applications, services, and individuals can access the data from them.

The Envase Identity Manager service provides the concept of a TMS that can be associated with an Organization. The Organization Administrator can then associate Users with the TMS to enable access for those Users to the data.

The following diagram shows the different entities managed through the Envase Identity Manager service and their relationships:

[Figure: _images/im_relationships.png]

The diagram shows how Fast Transportation, an Envase customer, has two TMS applications registered. The company uses Profit Tools for some of its work and Envase TMS for other work. The Fast Transportation Organization has been registered with the Envase Identity Manager service, and both TMS have been associated with it.

You can also see that Fast Transportation has multiple employees. The employees in Users A have been given access to the Envase TMS, whereas the employees in Users B have access to the Profit Tools TMS. Employees in Users C have access to both TMS.

Important

Although users seem to be depicted as part of a group, there is no concept of a group in the Envase Identity Manager service. You can think of group access as being controlled at the TMS level.

The diagram above also shows the Reliable Carrier company, which is a partner of Fast Transportation. Reliable Carrier does not manage a TMS, but they have been given access to the Envase TMS instance of Fast Transportation.

Reliable Carrier has two sets of employees. The employees in Users D have access to the Envase TMS instance owned by Fast Transportation. The employees in Users E do not have access to any TMS, and they don’t need to register an account with the Envase Identity Manager service.

This model allows Fast Transportation to control access to their information at the TMS and User level. It also allows Reliable Carrier to define which employees will work with Fast Transportation.
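The access model described above, written out as a small in-memory sketch. This is an added example, not code from Envase or the service's API: the Directory class, its method names, the user ids, the per-user home Organization, and the rule that only the TMS-owning Organization creates associations are assumptions made for illustration.

```python
# Illustrative model only; names and the "home organization" field are assumptions.
from dataclasses import dataclass, field

@dataclass
class Directory:
    orgs: set = field(default_factory=set)
    tms_owner: dict = field(default_factory=dict)  # TMS -> owning Organization
    accounts: dict = field(default_factory=dict)   # User -> home Organization
    grants: set = field(default_factory=set)       # (User, TMS) associations

    def associate_tms(self, org, tms):
        if org not in self.orgs:
            raise KeyError(f"unknown organization: {org}")
        self.tms_owner[tms] = org

    def register_user(self, user, org):
        # One account per individual; more access means more associations.
        if user in self.accounts:
            raise ValueError(f"{user} already has an account")
        if org not in self.orgs:
            raise KeyError(f"unknown organization: {org}")
        self.accounts[user] = org

    def grant(self, acting_org, user, tms):
        # Only the Organization that owns the TMS may associate Users with it.
        if self.tms_owner.get(tms) != acting_org:
            raise PermissionError(f"{acting_org} does not own {tms}")
        if user not in self.accounts:
            raise KeyError(f"{user} has no account")
        self.grants.add((user, tms))

    def can_access(self, user, tms):
        # Deny by default: access exists only as an explicit association.
        return (user, tms) in self.grants

def build_example():
    # Constructed data mirroring the diagram, one user per depicted set.
    d = Directory(orgs={"Fast Transportation", "Reliable Carrier"})
    for tms in ("Envase TMS", "Profit Tools"):
        d.associate_tms("Fast Transportation", tms)
    people = [("user_a", "Fast Transportation", ["Envase TMS"]),
              ("user_b", "Fast Transportation", ["Profit Tools"]),
              ("user_c", "Fast Transportation", ["Envase TMS", "Profit Tools"]),
              ("user_d", "Reliable Carrier", ["Envase TMS"])]  # user_e: no account
    for user, org, tms_list in people:
        d.register_user(user, org)
        for tms in tms_list:
            d.grant("Fast Transportation", user, tms)
    return d
```

With this data, build_example().can_access("user_d", "Envase TMS") is true while the same check for "Profit Tools" or for the unregistered user_e is false, which is the TMS-level and User-level control the text describes.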

Learn More

The different sections in this guide provide in-depth information about the Envase Identity Manager service. Which sections you should check depends on how you plan to use the service.

For Envase development partners working on external applications, you will want to check the Authentication topic in this guide. You should also check the information on the Envase Connect Gateway API documentation, as well as the information related to the Envase Connect Core API and its specification.

If you are an Envase tech-support specialist, you should check the Technical Guide for information on how to create and manage customer accounts and other information.

Envase internal development teams should check the Developer’s Guide for more information about integrating their applications and services with the Envase Identity Manager service.