SaaS Solutions
The three cornerstones
Automated on-boarding of users, a central LDAP directory for storing their profiles and web-based integration of their details into your service applications - these are the three cornerstones of our NimbusDS solutions for Software as a service (SaaS) providers.
- Provision users automatically
You have a great new SaaS application which is ready to take off to the skies. But how do you get your potential users on board? We are here to provide you with a bridge - two nimble web APIs for pull and push user provisioning, handled by our AuthService and Json2Ldap software.
- Store user profiles centrally
There are SaaS providers which store their users' details in their application database. But there is a better alternative to that ad hoc approach: an LDAP directory which not only acts as a central user reference for all your SaaS components, but also brings peace of mind and scaling with optional replication. Using LDAP internally for user profile storage also minimises provisioning "friction" between you and your corporate subscribers, where LDAP is standard enterprise technology.
- Integrate user details with JSON + HTTP
An LDAP directory is a great NoSQL store for user profiles, but how do you get at the data? LDAP v3 has been the established network protocol for that, but it's binary and doesn't fit on the web. Fortunately, we now have Json2Ldap, brilliant software that enables web-based integration (JSON / HTTP) of directory data, from your application servers or by means of Ajax calls from the browser.
Pull and push user provisioning
NimbusDS offers two web service products for onboarding subscribed users:
- Pull provisioning with NimbusDS AuthService
Each subscribed enterprise is issued a copy of AuthService to authenticate their SaaS users against their internal corporate directory and release selected details, such as name, email address and group memberships, in order to set up or update their SaaS accounts. This is done over the web with just two simple JSON calls. This method is called pull because the provisioning of each user is initiated by the SaaS application upon login.
- Push provisioning with NimbusDS Json2Ldap
Push provisioning can be enabled by the SaaS provider having an LDAP directory with Json2Ldap in front of it. Each subscriber is issued a directory account, accessible through the Json2Ldap web API, to initially upload and then keep current the details of their users. This method is called push because the provisioning is initiated by the subscriber, by sending user details and changes from the internal enterprise LDAP directory to the Json2Ldap endpoint on the service provider side.
A SaaS provider may employ both methods, and even complement them with additional provisioning channels such as OpenID Connect for consumers or the SAML protocol for enterprises (not covered by NimbusDS at present).
The SaaS user directory
What are the benefits of employing an LDAP directory in a service provider operation?
- You enjoy a central self-contained place for keeping all subscriber details: user names, contact and billing information, service plan parameters, various global per-user configurations.
- From this central location the user details can then be accessed by all components that make up your service infrastructure - the provisioning agents, the SSO, the main application as well as any auxiliary marketing, billing and reporting tools.
- Authentication is built in and a whole array of standard credentials such as username / password, X.509 certificates and Kerberos are supported. Directories also allow for much finer access control than a typical SQL or NoSQL database.
- The LDAP directory is proven enterprise technology for hosting user accounts, is easy for humans to understand and navigate, and there are many standard tools for managing it.
- Modern LDAP directories provide for NoSQL-style clustering and replication to handle millions of users. Many of the leading implementations are open-source and have vibrant communities so the initial investment is minimal.
- Finally, if you target predominantly enterprise customers, using LDAP internally can minimise provisioning "friction".
Web integration for LDAP
LDAP v3 has been the established network protocol for accessing a directory, but it's binary and you may want to have web integration instead. Json2Ldap is a web service that can be coupled to any LDAP directory and its JSON API covers the whole spectrum of directory usage, from authentication, searches and updates to things like schema queries and extended operations.
With Json2Ldap you can access your directory
- from your server-side code;
- from JavaScript code running in the browser using regular XHR / Ajax calls (cross-origin calls are supported via W3C CORS);
- from any mobile device with web connectivity.
As mentioned above, Json2Ldap can also serve as an account provisioning endpoint and provide users with a web API to automatically update their details and subscription preferences.
JSON web service for Single Sign-On (SSO) and shared session management
If you wish to build a modular SaaS or plan to allow third party add-ons and mini-apps to coexist alongside your main application, take a look at our JsonSSO product.
JsonSSO is a web service that allows several web services, often tied together by a pluggable web UI, to share one login and the resulting user sessions. The session store is memory based for maximum performance; clustering / replication is on the roadmap.
Start small, grow in steps
Our NimbusDS solutions work for large as well as small SaaS operations. You can start with the simplest AuthService user provisioning strategy and then add additional channels. Directory web integration and replication can also be introduced in steps. Contact us to present your particular case and requirements.

