Directories

A directory contains the users of your company and their contact data. Some of the characteristics of a directory:

  • Contact data in this directory is searchable for the users in your company
  • Contains users that can login and search contact data
  • Can be created (multiple) and removed
  • Can be federated to other companies
  • Can be integrated with other services (with Azure AD or G Suite for example)

When you sign up to Federated Directory, we create your first directory. The administrator account you receive during sign up is located in this directory.

Multiple Directories

Before we explain how to create and configure a directory, we first want to focus on the concept of creating multiple directories within your company.

Possibilities:

When the users in your company work or exist in different cloud services (like G Suite and Office 365)

This could happen after mergers, for example, but it could also be a deliberate choice of your IT department. Combine those user groups in your Federated Directory by creating a directory for every group and integrating that directory with the cloud service.

Combine multiple contact data sources within your FD environment

When the users of your company require different federation policies

After you have created a federation with another company, you can configure which data you want to share with that company. This is adjustable per directory. For example, if you want to share the contact data of only a specific user group of your company, put those users in a separate directory and only share the contents of this directory with other companies.

Impact:

Login prompt will ask your users in which directory their account resides

We have to know the user's directory, because a username is unique in a directory and not in a company, and also because you can configure a different authentication method for every directory (more about this topic later).

Multiple directories have no impact on your users' search experience

They will search contact data in a company and will not see or notice the underlying directories.

Create or configure a directory

Creating a new directory is easy: go to 'Directories' and select the orange '+' plus button at the bottom right.

Add a new directory button

A dialog opens in which you can configure your new directory. You can always change the settings below later.

| Input | Description |
| --- | --- |
| Display name | Give your new directory a name. Max 100 characters. |
| Description | Contains users that can login and search contact data. |

Flip the switch if you want your users to be able to find the users in this directory when they search their Federated Directory.

Then the interesting stuff. A directory is defined by two settings:

  1. Authentication method
    • How are the users in this directory going to login?
  2. Automatic user management
    • How are the users and their contact data in this directory going to be managed (created, updated, deleted)?

Authentication Method

It's important that your users can log in to their Federated Directory as easily and securely as possible. They need to save time and spend the minimum amount of time authenticating. That's why we support a wide range of authentication methods.
No authentication method for users in this directory

None

This way, users in this directory will not be able to log in at all. For security reasons, we have made this the default authentication method setting when you create a new directory. It's a great way to prevent users from logging in, while you are still setting things up for example.

Federated Directory accounts

Your users will log in directly with their Federated Directory credentials. If a user has forgotten his or her username or password, it can be retrieved, as long as there is a valid email address present on the account.

Microsoft accounts

Users will log in with their Microsoft account: the same set of credentials they use to log in to Office 365 and other applications that are integrated with Microsoft Azure AD. [Setup authentication with Microsoft accounts](./microsoft)

Google accounts

Users will log in with their Google account: the same set of credentials they use to log in to their G Suite services and other applications that are integrated with Google Cloud Identity. [Setup authentication with Google accounts](./google)

SAML 2.0

Unlike the other authentication methods, SAML 2.0 is not a company-specific authentication method. It's an open standard for logging users into applications. If you already have a SAML 2.0 Identity Provider (IDP) in your organization, select this option to integrate it with your Federated Directory. [Setup authentication with SAML 2.0](./saml)

Automatic User Management

The power of your Federated Directory depends on the accuracy and completeness of the contact data it contains. The best and easiest way to keep it up to date is to create an integration with your current enterprise address book and automate the management (create, update, delete) of user data in your directory. We support the methods described below.

None

No integration and no automation. This is the best option if you currently don't have a corporate address book. Users can be created directly in our portal and users can update their own profile and photo. Bulk updates can easily be handled by uploading CSV files.

Azure AD

Push new and existing users and their profiles from Microsoft to Federated Directory, including subsequent profile updates and user removals. [Setup an integration with Azure AD](./microsoft)

G Suite Directory

Push new and existing users and their profiles from Google to Federated Directory, including subsequent profile updates and user removals. [Setup an integration with Google G Suite Directory](./google)

OneLogin

Push new and existing users and their profiles from OneLogin to Federated Directory, including subsequent profile updates and user removals. [Setup an integration with OneLogin](./onelogin)

Okta

Push new and existing users and their profiles from Okta to Federated Directory, including subsequent profile updates and user removals. [Setup an integration with Okta](./okta)

SCIM 2.0

System for Cross-domain Identity Management (SCIM) is an open standard for automating the exchange of user identity information between IT systems. Our user API is SCIM 2.0 compliant. Create a directory API key and integrate your system with our API. [Setup an integration with our SCIM 2.0 users API](./scim)

Select tab "logo" to change the logo of this directory. We use this logo whenever the directories of your company are displayed. For example, during the login process, when there are multiple directories to login to.

Click the "select logo" button and select an image from your local machine.

The file you select must have:

  • the JPG or PNG format
  • a maximum file size of 3MB
  • a resolution of 150 x 150 pixels (for best results)

You can resize and crop your image here.

When you have selected a logo it will appear on your screen and the "update logo" button lights up.

Press the update logo button and your new directory logo will be uploaded to our servers.

Directory keys

The best way to integrate another system with one directory is to use a directory key. A directory key only has administrator privileges inside the directory in which it is created. With a directory key, the other system can create, read, update and delete the users inside that directory only.

All automatic user management solutions mentioned above require a directory key for their integration with Federated Directory.

Select tab "keys" to manage the directory keys inside a directory. Select the orange '+' plus button at the bottom right to create a new key. After the key is created, you will receive an issuer, private key and an access token. The access token can only be seen (and copied) after the creation of a new directory key. It gives direct access to all user data inside this directory, so store it safely.

The issuer & private key can be used to create an access token, based upon the OAuth2 principle. Check out our developer help section for the details.

If you do not use a directory key, remove it by clicking on the three dots menu icon behind the key.
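The following is an added example, not Federated Directory's own code: it shows how an integrating system can keep the directory access token out of source code and logs while building the standard SCIM 2.0 create and delete requests. The base URL, the `FD_DIRECTORY_TOKEN` variable name and the bearer-token presentation are assumptions; the `/Users` path and schema URN come from the SCIM 2.0 RFCs (7643 and 7644).

```python
import json
import os
import urllib.parse
import urllib.request

# Placeholder base URL (assumption); use the one from the developer documentation.
SCIM_BASE = "https://scim.example.invalid/v2"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643


def load_token(env=os.environ, var="FD_DIRECTORY_TOKEN"):
    """Read the access token from the environment (hypothetical variable name)."""
    token = env.get(var, "").strip()
    if not token:
        raise RuntimeError(f"{var} is not set")
    return token


def scim_request(method, path, token, body=None):
    """Build, but do not send, a SCIM 2.0 request carrying the directory token."""
    if not SCIM_BASE.startswith("https://"):
        raise ValueError("refusing to attach the token to a non-TLS URL")
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(SCIM_BASE + path, data=data, method=method)
    # Assumption: the access token is presented as an OAuth2 bearer token.
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/scim+json")
    if data is not None:
        req.add_header("Content-Type", "application/scim+json")
    return req


def create_user(token, user_name, given, family, email):
    body = {
        "schemas": [USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "emails": [{"value": email, "type": "work", "primary": True}],
    }
    return scim_request("POST", "/Users", token, body)


def delete_user(token, user_id):
    # Percent-encode the id so a crafted value cannot change the request path.
    quoted = urllib.parse.quote(user_id, safe="")
    return scim_request("DELETE", "/Users/" + quoted, token)


def log_line(req):
    """Log-safe summary: method and URL only, never the token or the user data."""
    return f"{req.get_method()} {req.full_url}"
```

Pass a built request to `urllib.request.urlopen` to send it once the real base URL is configured.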

Delete a directory

Every directory can be easily removed. However, remember that all users in this directory will also be removed from Federated Directory. Their user data will no longer be available, not only for the users of your own company but also for any company you federated with.

You can delete a directory from the 'directory overview'.

  1. Go to "directories" in the side menu
  2. Select the 'menu button' on the directory you want to delete
  3. Select 'delete directory' from the drop-down menu
Last updated on 12th Jul 2019