
The classic IAM task – simple, secure, and centrally managed

Almost every organization faces the same challenge: employees work with a wide variety of applications – specialized software, collaboration tools, cloud services, and internal systems. Access should be as simple as possible for users, while the organization needs control over who can access which data and services.

This is exactly where Identity & Access Management (IAM) comes in. With Univention Nubus, applications and users can be connected centrally – securely, conveniently, and scalably.

Starting Point: Many Applications, Many Users – Many Requirements

The needs of users and organizations may initially seem contradictory, but a well-designed IAM can bring them together:

Users want:

  • A single account instead of multiple login credentials
  • Fast, seamless access to all applications
  • A clear interface to quickly find the tools they need

Organizations require:

  • Freedom to choose their applications
  • Control over access and permissions
  • Secure authentication, ideally with two-factor authentication (2FA)
  • Transparent and traceable processes for onboarding and offboarding users

IAM as a “Single Source of Truth”

The foundation of a functional IAM is a central location where all identities and permissions are managed – the so-called Single Source of Truth.

In Nubus, this role is fulfilled by the central directory, which manages:

  • Identities
  • Groups and roles
  • Access rights
  • Authentication methods (passwords, 2FA, etc.)

At the same time, IAM covers the user lifecycle: it controls who joins the organization, who leaves, and what changes are made to accounts and permissions. New employees automatically receive the appropriate access, role changes take effect immediately, and access is reliably revoked when someone leaves. This prevents orphaned accounts or uncontrolled permissions.

Application Integration: SSO and User Lifecycle

An IAM only realizes its full potential when applications are seamlessly integrated. Nubus relies consistently on open and established standards.

Single Sign-on (SSO)
SSO allows users to log in once and then access multiple applications. Depending on the type of application, different methods are used:

  • Kerberos for intranet applications
  • OpenID Connect (OIDC) or SAML for web applications

In practice, this means one login in the morning is enough to access all relevant systems throughout the workday – without repeated password prompts. This not only improves convenience but also significantly reduces password issues and support requests.

User Lifecycle Integration
Beyond login, managing user accounts in connected applications is crucial. Nubus supports both common models:

  • Pull mechanisms, where applications retrieve user data from the directory service (e.g., via LDAP)
  • Push mechanisms, where accounts are actively provisioned in target systems (e.g., via APIs like SCIM)

Open interfaces are a core principle: they are documented, freely usable, and widely adopted. This allows organizations to flexibly integrate new applications and continue using existing systems.

Groups serve as the unifying element, representing the smallest common denominator for roles and permissions. Once defined, groups can be consistently used across multiple applications – providing clarity and reducing complexity.
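The push model described above, as an added example (not Univention's code and not part of the original article): a planner that compares the directory with one target application and emits the SCIM 2.0 requests needed to create missing accounts, disable offboarded or orphaned ones, and correct group drift. The message shapes follow RFC 7644; all users, IDs and the names `plan_sync` and `patch_op` are constructed for illustration.

```python
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample data. DIRECTORY is the source of truth; APP_ACCOUNTS and
# APP_GROUP_IDS describe a hypothetical target application.
DIRECTORY = {
    "alice": {"active": True, "groups": {"staff", "finance"}},
    "bob": {"active": False, "groups": {"staff"}},    # left the organization
    "carol": {"active": True, "groups": {"staff"}},   # new employee
}
APP_ACCOUNTS = {
    "alice": {"id": "u1", "active": True, "groups": {"staff", "admins"}},
    "bob": {"id": "u2", "active": True, "groups": {"staff"}},
    "dave": {"id": "u3", "active": True, "groups": {"staff"}},  # orphaned
}
APP_GROUP_IDS = {"staff": "g1", "finance": "g2", "admins": "g3"}


def patch_op(*operations):
    return {"schemas": [PATCH_SCHEMA], "Operations": list(operations)}


def plan_sync(directory, app, group_ids):
    """Return (method, path, body) requests that align the app with the directory."""
    plan = []
    for name in sorted(directory.keys() | app.keys()):
        want, have = directory.get(name), app.get(name)
        if have is None:
            # Onboarding: create the account; group membership follows once
            # the server has returned the new resource id.
            if want["active"]:
                plan.append(("POST", "/Users", {
                    "schemas": [USER_SCHEMA], "userName": name, "active": True}))
            continue
        enabled = want is not None and want["active"]
        if have["active"] != enabled:  # offboarded, orphaned, or re-enabled
            plan.append(("PATCH", f"/Users/{have['id']}", patch_op(
                {"op": "replace", "path": "active", "value": enabled})))
        if not enabled:
            continue
        for group in sorted(want["groups"] - have["groups"]):
            plan.append(("PATCH", f"/Groups/{group_ids[group]}", patch_op(
                {"op": "add", "path": "members", "value": [{"value": have["id"]}]})))
        for group in sorted(have["groups"] - want["groups"]):
            plan.append(("PATCH", f"/Groups/{group_ids[group]}", patch_op(
                {"op": "remove", "path": f'members[value eq "{have["id"]}"]'})))
    return plan
```

Running the planner on a schedule and alerting on any non-empty plan also works as a detection control: an account such as `dave` that exists in the application but not in the directory is exactly the orphaned account the lifecycle process is meant to prevent.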

User Convenience: Easy Access and Clear Overview

For end users, the benefits of IAM are most apparent in daily work. Instead of dealing with multiple credentials and entry points, they experience a consistent and easy-to-understand environment.

With seamless Single Sign-on, repeated logins are eliminated. Applications open directly, without additional hurdles. This saves time and reduces frustration – especially with frequently used systems.

This is complemented by a central web portal displaying all available applications and services in a clear overview. Users don’t have to remember which application serves which purpose or how to access it. Instead, all relevant tools are available in one place – structured, quickly accessible, and tailored to their role.

Especially in organizations with many specialized applications, this results in a significantly better user experience and higher acceptance of the IT environment.

Efficient Administration: Automated and User-Friendly

In addition to the user perspective, the administrative side is also crucial. An IAM must be powerful but also efficient to operate daily.

With Nubus, repetitive tasks can be automated – such as creating new users, assigning groups, or revoking permissions. Through interfaces like the UDM REST API, these processes can be integrated into existing HR or ITSM systems.

At the same time, an intuitive web interface is available for everyday work. Administrators can manage user accounts, adjust permissions, or configure two-factor authentication.

This combination of automation and a user-friendly interface ensures that both large organizations with many users and smaller IT teams can work efficiently.

Extensibility and Integration: Open and Future-Proof

IT environments are continuously evolving – new applications are added, others retired. An IAM must therefore be flexible and extensible.

Nubus relies on standardized APIs and open integration mechanisms. New applications can be connected systematically without proprietary interfaces or costly custom development.

Pre-packaged integrations for widely used applications are particularly helpful. They allow a fast start, as many typical configuration steps are already prepared. Organizations can quickly generate value and gradually integrate their existing application landscape.

Through automation and standardization, the environment remains manageable even as it grows.

Result: Control for Organizations, Convenience for Users

Ultimately, both the organization and its users benefit significantly from a central IAM with Nubus.

For organizations, this means:

  • Transparency and control: knowing who has access to which systems, managing permissions, and reliably meeting security requirements
  • Reduced administrative effort through automated processes

For users, this means:

  • A simplified work environment: one account, one login, one central entry point
  • Quick access to applications that work seamlessly together

This creates an IT environment that is both secure and user-friendly – a key foundation for productive work.

Conclusion

Connecting applications and users is the classic task of IAM – and one of the central prerequisites for a modern, high-performance IT infrastructure.

With Univention Nubus, this task can be implemented holistically: a central “Single Source of Truth,” open interfaces, an integrated user lifecycle, and convenient Single Sign-on ensure that organizations retain control and users can work efficiently.

IAM thus becomes not just a security tool but a real enabler for digital collaboration.

Next Step to Central IAM

Discover how Univention Nubus brings your applications, identities, and access rights together in one platform – open, secure, and future-proof.
