Skip to main content

System architecture

Soffid Architecture

Soffid 3 system is composed of up to five different components:

  • IAM console 
  • Sync server
  • Repository
  • PAM Jump server (optional)
  • LDAP Directory server (optional)
  • Enterprise SSO (optional)


IAM Console

Is the portal used by administrators to manage identity management objects and by end-users to use the self service portal. It's 100% web and can be deployed in any Windows or Linux server. Kubernetes and Docker deployments are supported as well.


Is a relational database that stores all the information about configuration, policies and identity objects, including users, accounts and permissions.

Any of the following repositories are supported:

  • Maria DB
  • My SQL
  • Oracle
  • SqlServer
  • PostgreSQL

Sync server

Is the responsible for connecting the repository with the managed systems. The integration can be in both ways, fetching changes from managed system and pushing changes from Soffid repository.

The sync server can be deployed in many different ways, allowing central, distributed and hybrid deployments, both on cloud or on premise.

PAM Jump server

Is a piece used to allow access to privileged accounts, recording the screen and every keystroke, file or clipboard transfer.

Directory server

Is a directory server based on OpenLDAP. It can only be installed on a Linux server with Docker.

Mixed architecture

In the following image you can view an example of the architecture with a mysql database managed directly from the main servers and an Active Directory and an Oracle database managed through a sync proxy installed on the same host as the managed system.