# Xiid Technical Components #

Xiid provides a number of technical components that together secure the platform and form a single, integrated system. Each component has its own purpose but works in tandem with the others to build a secure user experience. Understanding these components individually will help system administrators manage and interact with the Xiid ecosystem.

## Agents ##

Xiid uses the concept of “Agents” to assist in managing LDAP domain directories. An Xiid Agent runs on the domain controllers tied to an LDAP directory service, such as Active Directory, and manages credentials and authentication in tandem with the directory service to secure the domain’s authentication systems. An Xiid Agent must be deployed and configured on every instance that runs Active Directory, across all domains.

## Authenticators ##

Xiid’s Authenticator components act as an intermediary between the Xiid Agent and the Single Sign-On applications. An Authenticator defines how to communicate with the Xiid Agent to generate credentials, verify identity, and coordinate authentication between the Xiid Agent and the directory service. Multiple Authenticators can be set up for different directories to control access between different organizations.

The Authenticator requires an Active Directory user and password with sufficient permissions to query the LDAP server. Because of how Xiid technology works, this service account should be granted only the permissions needed to query the directory, and no permissions that allow it to modify or otherwise interact with the directory service beyond basic querying.

## 2-Factor Authentication ##

Xiid supports 2-Factor Authentication for accessing the Single Sign-On Portal. Xiid supports traditional forms of 2FA as well as Xiid’s patented One-Time Code (OTC) system.
Xiid’s OTC system adds security to Xiid’s overall platform by eliminating the use of user credentials when a user logs into the company’s secure network. This ensures that no unauthorized access is granted. With Xiid’s OTC, there are No Usernames, No Passwords, No Hassle.

## Translators ##

Xiid uses the concept of translators to assist with interpreting login credentials for users on a domain. A translator takes a username, or a subset of a username, and transforms it into the exact user in Active Directory. If your login usernames differ from your LDAP usernames, a translator converts between the two forms and reconciles the difference into a single user.

This is best illustrated with an example. Consider the user example, whose LDAP username is example@local.domain and whose email address is example@xiid.com. The user goes to log in to a service that asks for their email address and enters example@xiid.com. Without translators, there is no way for your LDAP service to reconcile example@xiid.com with example@local.domain. By adding an external translator that maps xiid.com to local.domain, the translator transforms the username into example@local.domain and hands that user to LDAP for validation. The Internal to External Translator (I2E) then converts example@local.domain back to example@xiid.com so the Identity Provider can finish the authentication and sign-in process.

## Firewalls ##

Xiid offers an additional layer of network security to ensure that unauthorized access is not granted, so that integrated services and systems can communicate while outside actors are kept out. This added layer of security comes with Xiid Firewalls. Using Xiid’s Firewall component, users can whitelist, blacklist or safelist different IP addresses, allowing the communications that need to happen while blocking potential risks.
Users can create and use as many Xiid Firewalls to secure their connections as they see fit. Xiid also provides a default firewall to assist with network security. Xiid Firewalls operate at the collector level, meaning the IP addresses that you whitelist, blacklist or safelist are enforced during authentication. A user may still attempt to sign in from a blacklisted IP address, but Xiid blocks the authentication request.

## Applications ##

Xiid uses the concept of Xiid Applications to wrap groups of third-party applications for management and configuration. A Xiid Application groups these third-party identity providers together and defines how they may interact with the LDAP service to authenticate users. Think of the Xiid Application as an orchestrator that defines the steps taken to go from a third-party identity provider (desktop application, web application, etc.) through the authentication and security components to the LDAP service and back.

## IdP Consumers ##

Xiid’s Identity Provider Consumers assist customers with ingesting credentials from third-party applications. An Identity Provider Consumer (IdP Consumer for short) defines how to consume the authentication credentials from the different applications defined in the Xiid Applications. For each type of identity provider, such as Office365 or Remote Desktop Protocol, users may define how those credentials are handled within the Xiid environment.

## Users ##

Xiid offers the ability to create additional login users for the Xiid Agent Management Portal to assist with managing applications and security within Xiid’s technology. Permission levels can be set on users to control access and restrict modifications to Xiid components. Customers do not need to hand out Administrator credentials to others in order to delegate security management responsibilities.
Just create a new user for each person, control which users are enabled or disabled, and delete old users when they are no longer needed.
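The Translators, Firewalls and Applications sections above describe a login passing through an IP check, an external-to-internal translation, directory validation, and an internal-to-external translation on the way back. The following Python is an added illustration of that path and is not Xiid code: the class and function names (`Firewall`, `DomainTranslator`, `authenticate`), the CIDR rule format, the case-handling rules and the sample directory are all assumptions constructed for the example. Only whitelist and blacklist semantics are modelled; the page does not define what distinguishes a safelist, so it is left out.

```python
"""Toy model of the authentication path described on the page (constructed
example, not Xiid's implementation): firewall -> translator -> directory ->
translator. Names, rule formats and sample data are assumptions."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Firewall:
    """IP rules evaluated before authentication proceeds (constructed model).

    blocklist: CIDR strings whose sources are always refused.
    allowlist: CIDR strings; when non-empty, only these sources may proceed.
    """
    blocklist: list
    allowlist: list

    def permits(self, source_ip: str) -> bool:
        addr = ipaddress.ip_address(source_ip)
        # Deny rules win, so a mistaken allow entry cannot re-open a blocked range.
        if any(addr in ipaddress.ip_network(c) for c in self.blocklist):
            return False
        if self.allowlist:
            return any(addr in ipaddress.ip_network(c) for c in self.allowlist)
        return True


class DomainTranslator:
    """Maps a login domain (e.g. xiid.com) to an LDAP domain (e.g. local.domain)
    and back. Domains compare case-insensitively; the local part is kept as-is."""

    def __init__(self, external_to_internal: dict):
        self.e2i = {e.lower(): i.lower() for e, i in external_to_internal.items()}
        self.i2e = {i: e for e, i in self.e2i.items()}

    @staticmethod
    def _split(name: str):
        local, sep, domain = name.partition("@")
        if not sep or not local or not domain:
            raise ValueError(f"expected user@domain, got {name!r}")
        return local, domain.lower()

    def to_internal(self, login_name: str):
        """External -> internal. An unknown login domain yields None so the
        caller rejects the login instead of guessing a directory name."""
        local, domain = self._split(login_name)
        internal = self.e2i.get(domain)
        return f"{local}@{internal}" if internal else None

    def to_external(self, ldap_name: str):
        """Internal -> external, for handing the identity back to the IdP."""
        local, domain = self._split(ldap_name)
        external = self.i2e.get(domain)
        return f"{local}@{external}" if external else None


# Constructed stand-in for the LDAP directory: the set of known user names.
SAMPLE_DIRECTORY = {"example@local.domain"}


def authenticate(source_ip, login_name, firewall, translator, directory):
    """Run one login through firewall -> translator -> directory -> translator.

    Returns (ok, reason, external_name); external_name is the identity handed
    back to the identity provider on success and None otherwise.
    """
    if not firewall.permits(source_ip):
        return False, "blocked by firewall", None
    internal = translator.to_internal(login_name)
    if internal is None:
        return False, "no translator for login domain", None
    if internal.lower() not in directory:
        return False, "unknown directory user", None
    return True, "ok", translator.to_external(internal)


if __name__ == "__main__":
    fw = Firewall(blocklist=["203.0.113.0/24"], allowlist=[])
    tr = DomainTranslator({"xiid.com": "local.domain"})
    for ip, name in [("198.51.100.7", "example@xiid.com"),
                     ("203.0.113.9", "example@xiid.com"),
                     ("198.51.100.7", "example@other.org")]:
        print(ip, name, "->", authenticate(ip, name, fw, tr, SAMPLE_DIRECTORY))
```

Two design points carry over to a real deployment: the firewall decision is taken before any directory lookup, so a blocked source never causes LDAP traffic, and a login whose domain has no translator mapping is refused rather than passed to the directory unchanged, which is the failure mode the translator section warns about.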