On Jan 9, 2019, at 11:08 AM, Tom Benedict <[email protected]> wrote:
> You have clearly a lot of experience with this, and I have none, so I > probably shouldn’t have joined the thread. However, I have a long standing > interest in SSO and Authentication in general. > > What I’ve found, after working many years for a large enterprise organization > which has very high information security standards, is that System > Administrators don’t like custom user access systems and Auditors like them > even less. What they do like are things like Active Directory and LDAP. So my > point is that any 4D app in an enterprise environment should use the > enterprise standard. Now that 4D has the tools to use Active Directory, they > should be used exclusively, without any custom feature access management > buried inside the application. System Administrators want to set access > privileges in Active Directory, not in 4D (and they definitely don’t want to > do it both places). I’ve never done the work in 4D, so I don’t have any > implementation details on how this would be done in 4D, but it appears, from > the 4D Blog posting, that v17R3 can do this. Hi Tom, You can remove all users and access privileges from 4D and put time into Active Directory. You may have to create some Custom Active Directory Attributes to store the information needed for you access privileges — what groups a user belongs to as an example. Then you can use the 4D LDAP commands to query Active Directory for this information in the users account. It is totally doable with v17. I asked client that I have implemented the 4D SSO system I’ve been talking about if they wanted to move everything to Active Directory. We talked about what custom attributes would need to be created and the cost to do all of this. They decided to start with just the authentication part and leave the user access privileges in 4D for now. At some point in the future we plan to move all the user privileges out of 4D and put them into Active Directory. Tim ***************************************** Tim Nevels Innovative Solutions 785-749-3444 [email protected] ***************************************** ********************************************************************** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
