System administration
divanikus, 2019-03-20 20:37:49

What Identity Management systems do you use? Or perhaps there are alternative approaches?

A problem has come up: we need a way to centrally manage what access employees have. At a minimum, it should at least be possible to see these accesses. Do you use any solutions for this kind of accounting? If so, which ones?
Why LDAP and the like are not suitable: with the advent of the cloud, not all services belong to us, so it's not possible to simply hook up our LDAP everywhere. SSO isn't so simple either: if some service does not support it, the whole initiative goes down the drain. I think hooking up an external SSO provider to a local sshd is also a quest.
Maintaining the database manually is not an option, because there is always a risk that the responsible person changes the rights and then simply forgets about it.
In general, tell me what can be used to solve such a problem? So far we have been looking at Apache Syncope, but I want to understand how legitimate such a wish is, and whether we are reinventing the wheel.

3 answer(s)
Dimonchik, 2019-03-21
@dimonchik2013

You have, in general, answered the question yourself. Up to a certain level, our approach is to rely on an all-in-one tool: everything is in the JIRA ecosystem, and external services are managed administratively.
All employees have email addresses on the project domains (external contractors are especially fun here: we thought of giving them addresses on a guest domain, but in the end we give them addresses on the project domains too).
Accordingly, the role matrix records which employee is allowed what and where, and a procedure for granting and revoking access has been established: the corresponding roles receive notifications (tickets), the ticket has a workflow, etc.
Scripts check all this (via API in some places, by emulation in others), but without fanaticism (for example, a script will check that there is access to Google Analytics, but not the permission level, etc.).
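
An added example, not part of the original answer: a sketch of the kind of check script described above, reconciling a role matrix against the accounts each service reports. The account names, service names, data layout and the `reconcile` function are assumptions made for illustration; a level of `None` models a presence-only check like the Google Analytics case.

```python
"""Reconcile an approved role matrix against accounts observed on services."""

# Constructed sample data: approved access (employee -> service -> level).
ROLE_MATRIX = {
    "alice@project.example": {"jira": "admin", "google-analytics": "read"},
    "bob@project.example": {"jira": "user"},
    "contractor1@project.example": {"jira": "user"},
}

# Constructed sample data: what each service reports. A level of None means the
# check could only confirm that the account exists, not its permission level.
OBSERVED = {
    "jira": {
        "alice@project.example": "admin",
        "bob@project.example": "admin",      # level differs from the matrix
        "former@project.example": "user",    # not in the matrix at all
    },
    "google-analytics": {
        "alice@project.example": None,       # presence-only check
        "bob@project.example": None,         # access was never approved
    },
}


def reconcile(matrix, observed):
    """Return sorted (kind, service, account) findings for every mismatch."""
    findings = []
    for service, accounts in observed.items():
        for account, level in accounts.items():
            approved = matrix.get(account, {}).get(service)
            if approved is None:
                # Known employee without approval vs. account nobody owns.
                kind = "unapproved" if account in matrix else "orphan"
                findings.append((kind, service, account))
            elif level is not None and level != approved:
                findings.append(("level-mismatch", service, account))
    # Approved in the matrix but absent on the service: a stale matrix entry
    # or a grant ticket that was never carried out.
    for account, grants in matrix.items():
        for service in grants:
            if service in observed and account not in observed[service]:
                findings.append(("missing", service, account))
    return sorted(findings)


if __name__ == "__main__":
    for kind, service, account in reconcile(ROLE_MATRIX, OBSERVED):
        print(f"{kind:15} {service:17} {account}")
```

Each finding would normally open a ticket in the same workflow that grants and revokes access, so the matrix and the services converge instead of drifting apart.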

Ascar, 2019-03-21
@Ascar

IdentityServer4 plus the ASP.NET Identity system is enough for me. Working with the database, roles, etc. goes through UserManager and RoleManager, respectively.

dmitry-idm, 2019-03-27
@dmitry-idm

I recommend looking at midPoint. It has richer functionality and is developing at a good pace. In Russia, there are already a couple of decent implementations and support, unlike Syncope.
