Integration with Active Directory
There are three ways to integrate fluig Identity with Active Directory (AD):
- Integration for user synchronization and access with AD credentials via SmartSync.
- Integration for Single Sign On via Desktop SSO.
- Integration for access granting and revoking in AD, via administration on fluig Identity.
...
Because of these details, it is crucial that the customer assign an employee who knows the company's Active Directory infrastructure to provide this information.
Desktop SSO is a script that must be installed in IIS and made available in such a way that fluig Identity can access it.
This script will be responsible for enabling Single Sign On (SSO) for fluig Identity. Provided that the user has entered their network credentials when logging on to Windows, no username or password will be required when they try to access fluig Identity or any application integrated with fluig Identity.
Architecture
fluig Identity has a component called SmartSync, which acts as an agent between fluig Identity and the customer's Active Directory, and is responsible for:
...
It is important that SmartSync is always available so that it can provide synchronization and authentication with AD credentials. If this component is offline, fluig Identity users have a fallback that lets them continue accessing their applications: their own credential (personal password), which is set when the user is enabled.
See below examples of some possible scenarios:
Requirements
Ideally, provide a high-availability environment with 2 machines dedicated to SmartSync and Desktop SSO and a third one used for load balancing, in the case of Desktop SSO.
The customer can also choose to install SmartSync and Desktop SSO on only 1 machine, eliminating the redundant machine and the load balancer.
See the Portability Matrix - fluig Identity for the required hardware and software for synchronization of users with AD, authentication with AD credentials and Single Sign On.
This server, or servers if the customer chooses high availability, needs to meet a few more requirements:
...
- The machine on which SmartSync/Desktop SSO is installed should not be the same machine as the AD/domain controller, so that the domain controller is not exposed to the internet.
Note: If Active Directory is integrated directly with fluig, that is, not via fluig Identity, make sure to disable this configuration before integrating AD with Identity. Otherwise, there may be access conflicts and invalid-user errors on screen when using fluig.