PulseVault Identity & Directory Integration Philosophy
PulseVault is designed to plug into existing enterprise identity and directory infrastructure, not replace it.
Organizations are at different stages of identity maturity. Some are cloud-native with modern IdPs and SCIM. Others still rely on LDAP directories, HR systems, or flat exports. PulseVault meets customers where they are, while providing a clear upgrade path to modern standards.
Core Principle
PulseVault does not own identity.
It integrates with your existing systems of record and respects your organizational structure.
PulseVault separates:
- Authentication (who is logged in)
- Identity lifecycle (who exists and is active)
- Organizational structure (who reports to whom, peers, leaders)
- Content routing & visibility (who should see which knowledge)
This separation allows PulseVault to work cleanly across many environments.
Supported Integration Surfaces
PulseVault supports multiple directory and identity inputs, which can be used independently or together.
1. Identity Providers (IdPs) – Authentication
PulseVault integrates with enterprise IdPs using OIDC / OAuth 2.0 (and SAML where required).
Common IdPs:
- Okta
- Microsoft Entra ID
- Google Workspace
- Ping Identity
What this provides:
- Single Sign-On (SSO)
- MFA enforcement
- Centralized authentication policy
- Token-based access to PulseVault APIs
PulseVault trusts IdPs for authentication but does not require them to expose directory internals at login time.
2. SCIM – Lifecycle & Group Synchronization (Recommended)
PulseVault implements SCIM 2.0 (RFC 7642–7644) as a Service Provider.
SCIM is the preferred and recommended integration for enterprise customers.
What SCIM is used for:
- User provisioning (joiners)
- Attribute updates (movers)
- Deactivation/offboarding (leavers)
- Group and team membership
- Baseline organizational attributes (department, title, org unit)
Why SCIM:
- Push-based (no polling)
- Idempotent and recoverable
- Enterprise-standard
- Audit-friendly and security-approved
SCIM answers:
“Who exists, where do they belong, and are they still active?”
3. Directory APIs / Graph APIs – Organizational Hierarchy (Optional)
For organizations that require true org-chart semantics (manager, peers, leadership chains), PulseVault can integrate with directory graph APIs.
Examples:
- Microsoft Graph (Entra ID)
- Google Admin Directory API
- HRIS-backed directory services
What these APIs are used for:
- Manager → employee relationships
- Direct reports
- Peer discovery (same manager)
- Leadership chain traversal
Important:
These APIs are used only for organizational structure, not authentication or lifecycle.
PulseVault abstracts these integrations behind a common Org Graph Adapter, so customer-specific implementations do not leak into application logic.
4. LDAP – Legacy & On-Prem Environments (Supported)
PulseVault supports LDAP for organizations that:
- Operate on-prem or in hybrid environments
- Do not have a modern IdP or SCIM capability
- Require direct directory integration
Typical LDAP sources:
- Active Directory
- OpenLDAP
LDAP is supported with clear constraints:
- Read-only access
- Explicit schema mapping
- Secure connectivity requirements
- Intended primarily for synchronization, not runtime querying
LDAP is treated as a compatibility integration, not the long-term strategic path.
5. CSV & JSON – Bootstrap and Transitional Integrations
PulseVault supports importing users and org data via CSV and JSON for:
- Initial onboarding
- Proof-of-concept deployments
- Small organizations
- Transitional phases before IdP/SCIM rollout
These formats support:
- Users
- Teams/groups
- Manager relationships (where provided)
They are not intended for continuous lifecycle management, but they allow PulseVault to deliver value immediately.
How PulseVault Uses This Data
PulseVault builds and maintains an internal organizational graph that powers:
- Knowledge sharing between peers
- Visibility for leaders and managers
- Routing content up and across the organization
- Access control scoped by org structure
This internal graph is:
- Incrementally updated
- Lazily queried by the UI
- Optimized for large organizations (100k+ users)
- Independent of the source system once ingested
The UI never queries SCIM, LDAP, or Graph APIs directly.
Large Organization Support & Lazy Loading
PulseVault does not load entire org charts by default.
Instead:
- Initial views show:
  - Manager chain to leadership
  - Immediate peers
  - Direct reports
- Additional nodes are loaded on demand
- Backed by PulseVault’s internal graph APIs
This provides fast UX even in very large enterprises.
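The initial view and on-demand expansion described above, as an added example (not PulseVault's own code). `manager_of` is a constructed stand-in for the internal graph and all names are hypothetical; the cycle guard is included because manager data imported from CSV, JSON or LDAP can contain loops, and the same graph scopes access control.

```python
# Added example: initial org-chart view from an internal manager map.
# `manager_of` (user -> manager or None) is a constructed stand-in for
# PulseVault's internal graph; all names here are hypothetical.
from collections import defaultdict

def build_reports(manager_of):
    """Invert the manager map once so child lookups are O(1)."""
    reports = defaultdict(list)
    for user, mgr in manager_of.items():
        if mgr is not None:
            reports[mgr].append(user)
    return reports

def manager_chain(manager_of, user, max_depth=64):
    """Walk upward to leadership; refuse cycles from bad imported data."""
    chain, seen = [], {user}
    mgr = manager_of.get(user)
    while mgr is not None:
        if mgr in seen or len(chain) >= max_depth:
            raise ValueError(f"manager cycle or excessive depth at {mgr!r}")
        chain.append(mgr)
        seen.add(mgr)
        mgr = manager_of.get(mgr)
    return chain

def initial_view(manager_of, reports, user):
    """Only the three slices the first screen needs, not the whole chart."""
    mgr = manager_of.get(user)
    peers = [u for u in reports.get(mgr, []) if u != user] if mgr else []
    return {
        "chain": manager_chain(manager_of, user),
        "peers": sorted(peers),
        "direct_reports": sorted(reports.get(user, [])),
    }

def expand(reports, node):
    """On-demand load: only the children of the node the user opened."""
    return sorted(reports.get(node, []))

# Constructed sample data.
ORG = {"ceo": None, "vp1": "ceo", "vp2": "ceo", "m1": "vp1", "m2": "vp1",
       "e1": "m1", "e2": "m1"}
```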
Recommended Integration Path
For most organizations:
- OIDC / SSO for authentication
- SCIM for lifecycle and groups
- Directory / Graph API (optional) for hierarchy
LDAP, CSV, and JSON remain available for compatibility and transition.
Why This Philosophy Works
- No forced migrations
- No identity lock-in
- Enterprise-friendly security posture
- Clear upgrade path to modern standards
- Works equally well for SMBs and Fortune 100s
One-Sentence Summary
PulseVault integrates with your identity and directory systems as they exist today—while enabling a clean, modern path forward.