Greetings -
We have a 3rd party vendor who wants to tie their web app into our AD
for authentication and authorization. (This is an app that has already
been purchased and is in-house but uses a local db for AAA).
What, specifically, should I be asking them about their application so
as to keep our environment in its secure and stable state?
AFAIK, all they have 'asked' for is a U/P with read access to users and
groups. Obviously, they aren't getting anything until we work out the
details.
Curious as to what other orgs consider when in similar circumstances.
Environment (FWIW):
Single forest, single domain. All DCs w2k3 SP1, FFL/DFL are w2k3.
tia,
john
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
