About the Identity Service
The new Identity Service provides:
- A new branded log-in form.
Note: If a browser locale is used, the log-in screen will use it. If not, the log-in screen will use a locale from the ones configured for the brand.
- Improved password policies.
- System defense against brute-force attacks and the cracking of weak passwords.
After installing and enabling the Identity Service:
- All the existing security policies in the OSS and BSS, and the password expiration settings, migrate to the Identity Service.
- User credentials are copied from the OSS database to the Identity Service database. The OSS DB works as the master DB, and all changes to user credentials in the OSS DB are propagated to the Identity Service DB. This makes it possible to switch back to the old scheme if any issues arise.
High-Level Architecture
The Identity Service is a microservice with its own release cycle. It is not included in the CloudBlue Commerce distribution package by default and must be installed on the platform separately.
The Identity Service consists of these three items:
- The Identity Service UI, integrated into the CloudBlue Commerce UI
- The Identity Service endpoint, installed in your Kubernetes cluster
- The Identity Service database, hosted by the system database server
Note: IDP password policies will not be applied if the Password Quality level for Child Accounts is set to None in System > Settings > Setup > Password Quality in the Classic Control Panel.