True Active Directory Integration without the need for Password Server

The feature list on the website says that the product supports Active Directory for roles/groups; however, the product does not have native support for AD groups. It currently requires another product from Devolutions. For those customers that already have an IAM solution, it limits the enterprise functionality of RDM.

All Comments (6)

avatar

Hello,
Do you have an idea how we could do that without a server?

Regards

David Hervieux

avatar

RDM already does AD integration for user authentication. I assume you can determine the users' samaccountname or UPN.

Then for the Role you would link the Role to the Distinguished name of the AD security group.

At the launch of the application, get the aduser group membership; if the user is a member of the AD group distinguished name, assign them to the role in RDM that matches the configured distinguished name.

You could leverage a pre-configured LDAP connection that is managed by the RDM administrator.

All of the permissions, etc. would remain the same; just basically create a pointer or placeholder for RDM-configured users that are also members of the linked AD group in the RDM role.

avatar

Hello,
This is how we used to do it in Password Server, but it was not efficient. The AD structure can have inherited groups, and retrieving the group information is very slow. That is why we decided to synchronize the AD structure in the background in Password Server. Anyway, we will check what we can do.

Regards

David Hervieux
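
The approach discussed in the two comments above (roles linked to AD group distinguished names, with inherited groups resolved at launch), as an added sketch that is not part of the thread and is not Devolutions code. The directory snapshot, role names and function names are constructed assumptions, and DN comparison is simplified to case folding.

```python
from collections import deque

# Constructed sample data: memberOf links (object DN -> parent group DNs),
# as an administrator-managed LDAP connection might return them.
BASE = "DC=example,DC=test"
MEMBER_OF = {
    f"CN=jdoe,OU=Users,{BASE}": [f"CN=Helpdesk,OU=Groups,{BASE}"],
    f"CN=Helpdesk,OU=Groups,{BASE}": [f"CN=IT-Staff,OU=Groups,{BASE}"],
    # Nesting loop: IT-Staff is itself a member of Helpdesk.
    f"CN=IT-Staff,OU=Groups,{BASE}": [f"CN=Helpdesk,OU=Groups,{BASE}"],
    f"CN=asmith,OU=Users,{BASE}": [],
}

# Hypothetical role configuration: role name -> DN of the linked AD group.
ROLE_LINKS = {
    "RDM-Operators": "cn=it-staff,ou=groups,dc=example,dc=test",
    "RDM-Admins": f"CN=Domain Admins,CN=Users,{BASE}",
}


def norm(dn):
    """Simplified DN normalization (assumption): trim and case-fold only."""
    return dn.strip().casefold()


def effective_groups(user_dn, member_of):
    """Return every group DN the user belongs to, directly or through nesting."""
    index = {norm(k): [norm(g) for g in v] for k, v in member_of.items()}
    seen = set()
    queue = deque(index.get(norm(user_dn), []))
    while queue:
        group = queue.popleft()
        if group in seen:  # already expanded; this also breaks nesting loops
            continue
        seen.add(group)
        queue.extend(index.get(group, []))
    return seen


def roles_for(user_dn, member_of=MEMBER_OF, role_links=ROLE_LINKS):
    """Roles whose linked group DN is in the user's effective membership.

    Unknown users and users with no matching group get no roles (deny by default).
    """
    groups = effective_groups(user_dn, member_of)
    return sorted(role for role, dn in role_links.items() if norm(dn) in groups)


if __name__ == "__main__":
    for user in MEMBER_OF:
        if ",OU=Users," in user:
            print(user, "->", roles_for(user))
```

Against a live Active Directory, the per-group walk can be replaced by a single server-side query using the `LDAP_MATCHING_RULE_IN_CHAIN` matching rule (OID 1.2.840.113556.1.4.1941), which resolves nested membership on the domain controller.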

avatar

Maybe a stripped-down version of Password Server that only does the AD integration? My issue (besides the added cost/user) is I can't buy Password Server because my Security team will not allow it. We have a single IAM source and unfortunately that is not Password Server. Yes, I tried saying we would only use the AD integration. They still blocked the purchase.

avatar

It's interesting because I might have something in the future. You gave me an idea. We are working hard on Devolutions Account (https://login.devolutions.com) and our next major milestone is to add the Organization feature like GitHub. This will allow you to configure AzureAD or another authentication service as your identity provider and SCIM (https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management). RDM could leverage this infrastructure for the authentication and the roles. I will explore this possibility.

Regards

David Hervieux

avatar

Just checking back if any updates.