Abstract: Embodiments include a multi-tenant cloud-based identity management system for a plurality of tenants. Embodiments include a global database providing a first set of resources to the plurality of tenants and a plurality of tenant databases, each tenant database providing a second set of resources to one of the plurality of tenants. Embodiments further include a plurality of resources accessible by the tenants and an automated upgrade framework for upgrading the global database and the tenant databases in response to an upgrade of a first release of the system to a second release of the system. For the automated upgrade framework, embodiments determine resource changes between the first release and the second release, generate an upgrade patch based on the resource changes and apply the upgrade patch to the global database.

Abstract: Embodiments operate a multi-tenant cloud system. At a first data center, embodiments authenticate a first client corresponding to a first tenant ID and store resources that correspond to the first client, the first data center in communication with a second data center that is configured to authenticate the first client and replicate the resources. The first data center receives an Application Programming Interface (“API”) request for the first client corresponding to a change to the resources, and generates a change log and corresponding change event message in response to the API request. Embodiments compute a first hash corresponding to the first tenant ID of the change log to determine a first partition of a first queue at the first data center. The first data center pushes the change event message to the second data center via an API call.

Abstract: Embodiments operate a multi-tenant cloud system. At a first data center, embodiments authenticate a first client and store resources that correspond to the first client, the first data center in communication with a second data center that is configured to authenticate the first client. Embodiments divide the resources into base data and regular data, where the base data is a minimum data needed to allow the resources to be available to the first client at the second data center. Embodiments store the base data on a cloud storage in a base data export file and store the regular data on the cloud storage in a regular data export file. Embodiments export the base data export file to the second data center and when the exporting the base data export file has completed, exports the regular data export file to the second data center.

Abstract: A system stores and uses object relationships in a multi-tenant cloud-based identity and access management (IAM) system by: defining a schema for storing related objects, where the schema includes reference attributes indicative of relationships between the related objects in a database, and the schema defines a relationship type and a persistence scope for each reference attribute; constructing an in-memory representation of the related objects and their relationships based on the schema, where the in-memory representation indicates the relationship type and the persistence scope for each reference attribute; and using the in-memory representation of the related objects to perform an IAM service for a client of the multi-tenant cloud-based IAM system.

Abstract: Embodiments operate a multi-tenant cloud system. At a first data center, embodiments authenticate a first client corresponding to a first tenant ID and store resources that correspond to the first client, the first data center in communication with a second data center that is configured to authenticate the first client and replicate the resources. The first data center receives an Application Programming Interface (“API”) request for the first client corresponding to a change to the resources, and generates a change log and corresponding change event message in response to the API request. Embodiments compute a first hash corresponding to the first tenant ID of the change log to determine a first partition of a first queue at the first data center. The first data center pushes the change event message to the second data center via an API call.

Abstract: Embodiments include a multi-tenant cloud system with a first data center and a second remote data center. The first data center authenticates a first client and stores resources that correspond to the first client, and is in communication with the second data center. The second data center authenticates the first client and replicates the resources. The first data center receives a write request for the first client, writes the write request and generates change event messages in a first order. The first data center pushes the change event messages to the second data center via REST API calls. In response to receiving the change event messages, the second data center is configured to write the change event messages in the first order to its local database.

Abstract: Embodiments operate a multi-tenant cloud system with a first data center. At the first data center, embodiments authenticate a first client and store resources that correspond to the first client, the first data center in communication with a second data center that is configured to authenticate the first client and replicate the resources. In response to upgrading global resources at the first data center to a new version, embodiments generate a manifest file including a listing of global resource types and schemas that are modified or added in response to the upgrading. Embodiments further upgrade global resources based on the manifest file and write the upgraded global resources to a first global database and generate change event messages corresponding to the upgraded global resources.

Abstract: A system performs reference attribute query processing in a multi-tenant cloud-based identity and access management (IAM) system by: receiving a request from a client of the multi-tenant cloud-based IAM system, where the request indicates one or more reference attributes associated with a resource that is persisted in a database of the multi-tenant cloud-based IAM system, and the request indicates one or more filter conditions configured to be applied on the one or more reference attributes; building a query based on the one or more reference attributes and the one or more filter conditions; retrieving resource data by executing the query on a database of the multi-tenant cloud-based IAM system, where the retrieved resource data is associated with the one or more reference attributes and satisfies the one or more filter conditions; and returning the retrieved data to the client of the multi-tenant cloud-based IAM system.

Abstract: Embodiments replicate resources in a multi-tenant cloud system. Embodiments receive a master resource, associated with a master account of the cloud system to be replicated, where the master resource includes a master JavaScript Object Notation (“JSON”) object and includes a plurality of master attributes. Embodiments generate a master resource metadata JSON by calculating hash values for each of the master attributes to generate master attribute level hashes and by calculating an aggregate of all of the hash values to generate a master resource level hash. Embodiments store each master attribute of the master JSON object in a separate column of a master database table associated with the master account and store the master resource metadata JSON is in a separate hash column of the master database table. Embodiments replicate the master JSON object to create a replicated JSON object including a plurality of replicated attributes.

Abstract: Embodiments operate a multi-tenant cloud system. At a first data center, embodiments authenticate a first client and store resources that correspond to the first client, the first data center in communication with a second data center that is configured to authenticate the first client. Embodiments divide the resources into base data and regular data, where the base data is a minimum data needed to allow the resources to be available to the first client at the second data center. Embodiments store the base data on a cloud storage in a base data export file and store the regular data on the cloud storage in a regular data export file. Embodiments export the base data export file to the second data center and when the exporting the base data export file has completed, exports the regular data export file to the second data center.

Abstract: Embodiments include a multi-tenant cloud-based identity management system for a plurality of tenants. Embodiments include a global database providing a first set of resources to the plurality of tenants and a plurality of tenant databases, each tenant database providing a second set of resources to one of the plurality of tenants. Embodiments further include a plurality of resources accessible by the tenants and an automated upgrade framework for upgrading the global database and the tenant databases in response to an upgrade of a first release of the system to a second release of the system. For the automated upgrade framework, embodiments determine resource changes between the first release and the second release, generate an upgrade patch based on the resource changes and apply the upgrade patch to the global database.

Abstract: Embodiments operate a multi-tenant cloud system with a first data center. At the first data center, embodiments authenticate a first client and store resources that correspond to the first client, the first data center in communication with a second data center that is configured to authenticate the first client and replicate the resources. In response to upgrading global resources at the first data center to a new version, embodiments generate a manifest file including a listing of global resource types and schemas that are modified or added in response to the upgrading. Embodiments further upgrade global resources based on the manifest file and write the upgraded global resources to a first global database and generate change event messages corresponding to the upgraded global resources.

Abstract: A privileged account manager is provided for monitoring privileged sessions on target systems of an enterprise. In an embodiment, the privileged account manager is configured to capture metadata related to a privileged session and generate a first activity pattern for the privileged session based on the captured metadata. The first activity pattern may include a sequence of one or more activities performed by a first user during the privileged session. The privileged account manager may be configured to identify a second activity pattern that comprises at least a subset of the one or more activities performed by the first user during the privileged session and determine an appropriate action to be performed for the first activity pattern based on the identification of the second activity pattern. In some embodiments, the privileged account manager may be configured to transmit the action to a second user on a client device.

Abstract: Embodiments include a multi-tenant cloud system with a first data center and a second remote data center. The first data center authenticates a first client and stores resources that correspond to the first client, and is in communication with the second data center. The second data center authenticates the first client and replicates the resources. The first data center receives a write request for the first client, writes the write request and generates change event messages in a first order. The first data center pushes the change event messages to the second data center via REST API calls. In response to receiving the change event messages, the second data center is configured to write the change event messages in the first order to its local database.

Abstract: Embodiments replicate resources in a multi-tenant cloud system. Embodiments receive a master resource, associated with a master account of the cloud system to be replicated, where the master resource includes a master JavaScript Object Notation (“JSON”) object and includes a plurality of master attributes. Embodiments generate a master resource metadata JSON by calculating hash values for each of the master attributes to generate master attribute level hashes and by calculating an aggregate of all of the hash values to generate a master resource level hash. Embodiments store each master attribute of the master JSON object in a separate column of a master database table associated with the master account and store the master resource metadata JSON is in a separate hash column of the master database table. Embodiments replicate the master JSON object to create a replicated JSON object including a plurality of replicated attributes.

Abstract: A system performs reference attribute query processing in a multi-tenant cloud-based identity and access management (IAM) system by: receiving a request from a client of the multi-tenant cloud-based IAM system, where the request indicates one or more reference attributes associated with a resource that is persisted in a database of the multi-tenant cloud-based IAM system, and the request indicates one or more filter conditions configured to be applied on the one or more reference attributes; building a query based on the one or more reference attributes and the one or more filter conditions; retrieving resource data by executing the query on a database of the multi-tenant cloud-based IAM system, where the retrieved resource data is associated with the one or more reference attributes and satisfies the one or more filter conditions; and returning the retrieved data to the client of the multi-tenant cloud-based IAM system.

Abstract: A system stores and uses object relationships in a multi-tenant cloud-based identity and access management (IAM) system by: defining a schema for storing related objects, where the schema includes reference attributes indicative of relationships between the related objects in a database, and the schema defines a relationship type and a persistence scope for each reference attribute; constructing an in-memory representation of the related objects and their relationships based on the schema, where the in-memory representation indicates the relationship type and the persistence scope for each reference attribute; and using the in-memory representation of the related objects to perform an IAM service for a client of the multi-tenant cloud-based IAM system.

Abstract: A system and method can support user account management in a computing environment. The computing environment can include a video encoding pool to support load balancing and a managing server, such as a privileged account manager server. The video encoding pool includes a set of nodes that are able to perform one or more video processing tasks for another node. Furthermore, the managing server can receive a request from a managed node in the computing environment for delegating a video processing task, and can select one or more nodes from the video encoding pool to load balance and to perform the video processing task.

Abstract: A privileged account manager is provided for monitoring privileged sessions on target systems of an enterprise. In an embodiment, the privileged account manager is configured to capture metadata related to a privileged session and generate a first activity pattern for the privileged session based on the captured metadata. The first activity pattern may include a sequence of one or more activities performed by a first user during the privileged session. The privileged account manager may be configured to identify a second activity pattern that comprises at least a subset of the one or more activities performed by the first user during the privileged session and determine an appropriate action to be performed for the first activity pattern based on the identification of the second activity pattern. In some embodiments, the privileged account manager may be configured to transmit the action to a second user on a client device.

Abstract: A system and method can support user account management in a computing environment. The computing environment can include a video encoding pool to support load balancing and a managing server, such as a privileged account manager server. The video encoding pool includes a set of nodes that are able to perform one or more video processing tasks for another node. Furthermore, the managing server can receive a request from a managed node in the computing environment for delegating a video processing task, and can select one or more nodes from the video encoding pool to load babalance and to perform the video processing task.