"rDirectory is really the perfect system; it does everything we need and more. It's a self-editable staff directory, a template driven account creation tool for managers, a way for users to create and self-subscribe to email lists, a self-service password reset utility, a printer directory, and a valuable tool for any help desk or support center. This, combined with the excellent reporting and emailing features, makes rDirectory one of the most versatile network tools you could ever have."
-Alan Coleman of St Joseph's Villa.

rDirectory is a unique product which empowers you to unleash the potential of Active Directory in your organization. In minutes, rDirectory allows you to deploy secure identity management, account-creation, delegation, self-service, help-desk, password management, and white-page/yellow-page solutions. However where other products stop, rDirectory is just getting started. As you discover the flexibility of rDirectory, new ideas of how you can use rDirectory to leverage Active Directory will start popping up all over.

rDirectory is in effect a development environment that allows a typical administrator to compose custom directory applications in a paint-by-numbers fashion without the need of advanced programming skills or long development cycles. To get you up and running immediately, rDirectory comes pre-configured with common applications that you can securely deploy out-of-the-box. You can quickly customize rDirectory to meet your current needs, then, at your leisure explore the many new possibilities that rDirectory opens up.

rDirectory provides 4 application templates (Search, Detail, Create, and Web) from which you can create any number of applications. Applications in turn use reusable components, such as Views and Forms. The diagram below illustrates the relationship between the key elements of rDirectory.

Search Applications

Search Applications are the most useful and flexible of all directory applications. White-pages, yellow-pages, search by skills, department or location, search for groups, file shares, or computers; you name it this Search Application can find it, list it, and link it to custom Detail Views to view, edit and manage its details. Add custom attributes, data export, query based email, dynamic filters and you get rDirectory's Search Application - the most powerful way to quickly find any directory based information.

Detail 'My Profile' Applications

Detail Applications show details of a specific object related to the operator, such as their own record (i.e. My Profile). However, rDirectory can leverage any relationship in the schema, a Detail Application could also be 'My Manager', 'My Phone', 'My Office', or even 'My Department'. Detail Applications can also force users to fill in required information before they get access to the rest of rDirectory - an invaluable feature if you can't get people to self-service their own info, or fill in their Password Reset Profile for myPassword^®.

Template-Based Object Creation and Provisioning

Create Applications can create objects from templates; templates define the optional and required fields, how they are to be edited, and can pre-populate fields so that created objects are always initialized the proper way. Accounts can be provisioned with Exchange mailboxes, groups or any directory relationship. And did we forget to mention that you can create virtually any type of object the directory defines, Users, Groups, Contacts, Rooms, InetOrgPersons, even custom objects that you've defined. That's the rDirectory way.

Edit and Manage

rDirectory can edit virtually any information in the directory, using either native operator permissions, or you can use a Proxy Account and Roles to delegate access. The forms define what users can be edited and how, and Roles can make it all dynamic so different users have different edit capabilities. Data integrity can be assured, and information can be required. Full account management functions such as password reset, password change, account unlock/disable/expire and delete allow IT tasks to be delegated to Help Desk, Manager, or HR.

Most administrators are only familiar with the common schema (classes and attributes) exposed by the Active Directory Users and Computers tool, and are surprised to learn that the standard Active Directory schema defines nearly 400 classes and 2000 attributes. Some products, such as Exchange or Cisco's VOIP solution, extend the schema with even more classes and attributes.

rDirectory does not extend the schema, it simply discovers the schema you already have and allows you to compose applications that leverage virtually any class, attribute, or relationship your schema defines.

While rDirectory does not extend the schema, or require schema extensions, it does provide an easy way to leverage new classes and attributes which you may wish to add, or have added, for your organizations unique needs.

The key security concepts of any directory application are Authentication, Authorization and Permissions. Delegation occurs when you combine these features together.

Authentication

Authentication is the process of identifying and verifying the operator's identity when they access rDirectory; the following Authentication Modes are supported:

1. Anonymous
2. Anonymous / Forms
3. Forms
4. Integrated Window
5. Integrated Windows without Impersonation
6. Integrated Windows / Forms

A unique security feature of rDirectory is its ability to use the operator's native permissions for all search and read operations once the user authenticates.

Authorization

rDirectory provides a very flexible authorization model that extends the normal notion of Roles. In rDirectory you can use the following types of Roles to authorize access to different rDirectory features:

1. Group-Based Roles
2. Roles
3. Claim-Based Roles

Group-Based Roles are the traditional, security group based notion of roles. Relationship-Based Roles and Claims-Based Roles are unique ways rDirectory can leverage data and relationships defined in the directory.

There are 24 authorization points in rDirectory where Roles can be applied to authorize a feature or capability. Roles can be used to simply create a dynamic website which allows access to different Menus, Pages, Applications, and Forms for different audiences. Using Proxy Accounts and the Edit, Create, and Manage features of rDirectory, Roles can also be used to authorize delegation of these tasks to select operators, without giving those operators native permissions in Active Directory.

Permissions

Permissions are defined in Active Directory, and a given account will have certain read, modify, and create permissions as defined in Active Directory. rDirectory does not alter the permissions stored in Active Directory, rather it uses the native permissions of the operator, or the permission of a Proxy Account, when it accesses Active Directory.

Delegation can be achieved by combining the use of Roles with Proxy Accounts. Roles to authorize select operators' access to an Edit, Create or Manage function, and a Proxy Account to effect those changes.

Auditing & Notifications

You can configure rDirectory to record all changes to any audit log on the server for Sarbanes Oxley (SOX) Compliance requirements. It will record what was changed, who made the change, and which proxy account was used (if used). You can also configure automatic email notifications of changes to IT staff, managers, HR, etc. You can confidently delegate while staying in control with auditing and notifications.