What is the Protectedpdf External Identity Provider?

Vitrium Systems’ protectedpdf solution allows you to distribute PDF documents securely. You can use the protectedpdf server with credentials, as well as work with credentials that are not managed by the protectedpdf server at all. This is achieved through a customized server implementation referred to as an External Identity Provider (EIP).

Using an EIP allows you to customize credentials to your needs, e.g., you could use username and password pairs, or Employee ID numbers and access codes to authorize access to your documents.

In addition, the EIP enables you to create customized business rules for managing access to your documents – e.g., you could implement functionality to terminate access after the document has been opened a certain number of times, or limit access to specific ranges of IP addresses.


How to Create a Protectedpdf Document

A Document Creation System Flow Chart

Protectedpdf document-creation flow

(1) Policy Settings & Raw PDF – Given a raw PDF document, pass it to the protectedpdf server so that it can be protected. As part of this operation, the document may be associated with an external key that identifies it in an existing document management or access control system

(2) Download Protected PDF – Obtain the PPDF document from the protectedpdf server

(3) Distribute Protected PDF – Pass the protectedpdf document on to the distribution system. This system is responsible for delivering the protectedpdf document to the end user. For example, the distribution system could be a web portal that allows end users to download the document. After that, the end user opens the protectedpdf document in order to read it.


How Readers Access and Read the Protected Document

A Reader-Access Flow Chart


(1) End User Opens and Reads PDF – The end-user opens the protectedpdf document. A login page appears asking them to enter their credentials

(2) Connecting to Protectepdf Server – The user’s credentials and other metadata are sent to the PPDF server via a web request.

(3) Authenticate Credentials – The protectedpdf server validates the metadata and then makes a web service call to the External Identity Provider (EIP).

(4) Verify User Credentials – The EIP determines whether the user’s credentials are valid (authentication) and whether they can have access to the specific document being opened (authorization). The specific logic used to make these decisions varies from customer to customer.

(5) Are the Credentials Valid – The result of authentication/authorization is obtained by the EIP.

(6) Decision to Unlock PDF – The decision to either unlock or lock the document is returned to the protectedpdf server.

(7) Lock or Unlock PDF – The lock/unlock decision is returned to the document. If the result is to unlock, then the contents of the document are made visible to the user. Otherwise, if the content is inaccessible, the page displays a message indicating that the user must log in to see the content.


Protectedpdf star icon Would you like to…