User and Role Management - Customer Hosted AD Authentication with VHQ Authorization

The customer authenticates its users against an Active Directory (AD) server, which stores user information centrally and eliminates the need to duplicate it. After authentication, the VHQ STS (Security Token Service) allows the access control lists to be applied on the database. The VHQ STS authenticates the customer so that authorization can be implemented. The flow is as follows: the customer is redirected to the VHQ STS; the STS authenticates the client and issues a security token; finally, the customer is redirected back to VHQ, where it presents the security token and the roles are mapped. The VHQ authorization process then determines whether a user is allowed to take action on specific areas within the system.

EXAMPLE:
A user can be authorized to read, update, or delete.
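
The token-then-role-mapping flow described above, sketched as an added example that is not VHQ code: an STS issues a signed token after AD authentication, and the application verifies it, maps AD groups to roles, and authorizes read, update, or delete with default deny. The token layout, the HMAC signing key, the group and role names, and the `devices` area are all assumptions made for illustration; the page does not specify them.

```python
import base64, hashlib, hmac, json, time

# Everything below is constructed for illustration; the page does not
# describe the real token format, key handling, group names or roles.
STS_KEY = b"demo-only-shared-key"  # hypothetical STS signing key
ROLE_MAP = {"AD-Terminal-Admins": "admin", "AD-Terminal-Viewers": "viewer"}
ROLE_PERMS = {
    "admin": {("devices", "read"), ("devices", "update"), ("devices", "delete")},
    "viewer": {("devices", "read")},
}

def _sign(body: bytes) -> bytes:
    return hmac.new(STS_KEY, body, hashlib.sha256).hexdigest().encode()

def sts_issue_token(user: str, ad_groups: list, ttl: int = 300) -> str:
    """STS side: called only after the user has authenticated against AD."""
    body = json.dumps({"sub": user, "groups": ad_groups,
                       "exp": int(time.time()) + ttl}).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def map_roles(token: str) -> set:
    """Application side: verify the token, then map AD groups to roles."""
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
    except ValueError:  # wrong shape or invalid base64
        return set()
    # Constant-time comparison; reject before parsing any claim.
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return set()
    claims = json.loads(body)
    if claims["exp"] < time.time():  # expired tokens map to no roles
        return set()
    # AD groups with no mapping are ignored rather than granted a default role.
    return {ROLE_MAP[g] for g in claims["groups"] if g in ROLE_MAP}

def is_authorized(token: str, area: str, action: str) -> bool:
    """Default deny: allowed only if a mapped role grants (area, action)."""
    return any((area, action) in ROLE_PERMS[r] for r in map_roles(token))
```
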