Companies that choose Engity's Identity and Access Management solution are represented within Engity as an "Organization", which is essentially equivalent to a customer account. In our example, customer 1 is represented by "ACME Corp", customer 2 by "MyCorp", and so on.
For the purposes of our example, we will follow the company "MyCorp".
As described above, the technical term for this is "Organization".
Each organization can consist of 0-n separate directories and one customization. In our example, the company "MyCorp" has a separate directory for a test environment, but also a separate directory for a production environment. Another example is the Slack platform, where each company is represented by its own workspace or directory.
Within each directory, there are 0-n applications, represented as "App A", "App B", and so on. Each of those may refer, for example, to a web, browser-based, or native/mobile application. Each directory also contains 0-n users. Users are the end users who need access to one or more of the above applications.
In addition to applications and users, each directory also contains 0-n sessions. A session always has a reference to a user and an environment, and always reflects exactly one point in time:
- Time at which the user logged in
- Time at which the session will automatically expire if not renewed in accordance with the rules.
- Time at which the session was invalidated (empty = session still valid, user logged off, or automatically expired)
As written, a separate session is created for each environment the user uses. For example, if the user logs into "App A" with their laptop, a session is created for that time. If the user then logs into the same application with their smartphone, a new session is created with the time of the new login. The previous session, created after the laptop login, remains in place until the user actively ends it, or the session is automatically terminated. Each successful login therefore corresponds to exactly one session.
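The session rules described above, sketched as an added example (this is not Engity's API or code). The class names, the 8-hour lifetime, and the `sweep` helper are assumptions made for illustration; an empty invalidation time is treated as "not yet invalidated".

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

TTL = timedelta(hours=8)  # assumed lifetime; the page does not state the renewal rules


@dataclass
class Session:
    user: str
    environment: str                 # e.g. "laptop" or "smartphone"
    logged_in_at: datetime
    expires_at: datetime
    invalidated_at: Optional[datetime] = None  # empty = not invalidated

    def is_valid(self, now: datetime) -> bool:
        # Valid only while not invalidated and before the automatic expiry.
        return self.invalidated_at is None and now < self.expires_at


@dataclass
class Directory:
    name: str
    sessions: list = field(default_factory=list)

    def login(self, user: str, environment: str, now: datetime) -> Session:
        # Every successful login adds a session; earlier ones stay untouched.
        s = Session(user, environment, now, now + TTL)
        self.sessions.append(s)
        return s

    def sweep(self, now: datetime) -> None:
        # Record the invalidation time for sessions that expired automatically.
        for s in self.sessions:
            if s.invalidated_at is None and now >= s.expires_at:
                s.invalidated_at = s.expires_at

    def active(self, user: str, now: datetime) -> list:
        return [s for s in self.sessions if s.user == user and s.is_valid(now)]


def demo():
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed times
    prod = Directory("MyCorp production")
    laptop = prod.login("alice", "laptop", t0)
    phone = prod.login("alice", "smartphone", t0 + timedelta(hours=2))
    both = len(prod.active("alice", t0 + timedelta(hours=3)))
    laptop.invalidated_at = t0 + timedelta(hours=4)          # user logs off on the laptop
    after_logout = [s.environment for s in prod.active("alice", t0 + timedelta(hours=5))]
    prod.sweep(t0 + timedelta(hours=11))                     # phone session passed its expiry
    return both, after_logout, phone.invalidated_at
```

Listing the active sessions per user in this way is also the basis for reviewing concurrent logins from different environments.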
The terms "User", "Application", and "Session" are references to OpenID Connect.