SSO via LDAP
-
I have a friend who wants to expose their AD/LDAP to the internet (behind a FW) to allow single sign-on. Looking for some opinions on this. It will be to authenticate the users on an external website. Thoughts?
-
@brandon220 said in SSO via LDAP:
I have a friend who wants to expose their AD/LDAP to the internet (behind a FW) to allow single sign-on. Looking for some opinions on this. It will be to authenticate the users on an external website. Thoughts?
Exposing with firewall restrictions is just fine. I mean you either trust the site or you don't.
-
Are they a Microsoft shop? If they are, ADFS is fairly easy to set up.
But the additional overhead may not be worth it for a single site. It can also be a bit fragile if you don't have the expertise (or time) to work on it.
-
Shibboleth and WSO2 are both viable options as well if you're looking at something open source.
-
They do trust the site and were given a list of IPs to allow traffic through the FW. It is Microsoft AD.
-
@brandon220 said in SSO via LDAP:
I have a friend who wants to expose their AD/LDAP to the internet (behind a FW) to allow single sign-on. Looking for some opinions on this. It will be to authenticate the users on an external website. Thoughts?
Typically SSO is done via a federation server (ADFS), or by leveraging Azure AD for authentication.
What app or service are they wanting to use LDAP authentication for?
-
I do not have the specifics yet. Just had a call last night asking if it is possible to do so.
-
I am looking at doing this with another SSO provider; Okta is on the shortlist.
-
@wrx7m said in SSO via LDAP:
I am looking at doing this with another SSO provider; Okta is on the shortlist.
We've been using Okta and it's been great.
-
@black3dynamite said in SSO via LDAP:
@wrx7m said in SSO via LDAP:
I am looking at doing this with another SSO provider; Okta is on the shortlist.
We've been using Okta and it's been great.
Thanks for the mini review :grinning_face:
-
@wrx7m said in SSO via LDAP:
@black3dynamite said in SSO via LDAP:
@wrx7m said in SSO via LDAP:
I am looking at doing this with another SSO provider; Okta is on the shortlist.
We've been using Okta and it's been great.
Thanks for the mini review :grinning_face: