Whether you are building a new application or trying to retire the old legacy directory for an old application, having a virtual directory directly tied to your identity directory gives you great flexibility.
EmpowerID maintains a metadirectory that inventories and updates all of your various identity stores on a continuous basis, keeping a single unified "person view" of each user, whether they be internal or external. This metadirectory can be used for a lot more than Identity and Access Management (IAM), however.
But rather than synchronize all of this identity information to yet another directory, EmpowerID's Virtual Directory allows you to present this metadirectory identity information as LDAP. EmpowerID roles are presented as LDAP groups and you can maintain the exact schema required for the application without having to manage another directory.
This virtual directory is especially useful for applications that require internal and external users to both have access, replacing the need to have external users inside of your corporate directory. As LDAP, users on any OS can access, authenticate and authorize against the directory.
By using this virtual directory as your application directory, you no longer have to worry about separate provisioning and de-provisioning as all of the workflows around user management are included in your IAM, you simply create a role based provisioning workflow to create accounts in the virtual directory based on user attributes. You can offer self registration, password management, single sign-on, and RBAC policies to apply to what your user can and cannot do in the application.
Since all of EmpowerID is workflow based and can be managed with APIs and web services, you can even build the management of these users into your application, lessening the learning curve for administration of the application
Virtual directories that are separate from your IAM have many of the same challenges as legacy directories, take a look at what you would need to integrate the two and take advantage of all of the IAM capabilities for your application.