
I'm not really sure how to describe my problem briefly and precisely. Thus, I was unable to find a solution, or at least a hint, via Google.

We have a Microsoft AD domain and are currently planning to use externally developed software on a third party managed server. It is planned to utilize our AD for authentication and authorization, but our information security department does not like the idea of opening our firewall for ldaps, ldap-ssl and kerberos for access through the third party managed server.

My question is: Are there other, more secure ways to utilize our AD for authentication and authorization?

Thanks in advance, PJ

PJ87
  • See if AD FS can be used for this. - https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/ad-fs-overview – joeqwerty Apr 20 '23 at 13:43
  • `information security department does not like the idea of opening our firewall for ldaps, ldap-ssl and kerberos for access through the third party managed server.` Fortunately they stopped that. In 99% of cases, organizations use federation, such as ADFS or Ping. In the small number of cases that cannot, there are other third-party identity management products that don't use federation, but requests for solutions are off-topic. – Greg Askew Apr 20 '23 at 15:46
  • And just to chime in, it should be a *prerequisite* for any enterprise product today that it use federated or "modern authentication" methods (e.g. SAML via AzureAD, which I'd suggest over a new ADFS environment), when users need to authenticate outside the business network. You should give your IT Sec dept a box of chocolates for saving you a lot of angst - and you should leverage their expertise in advance in future if some architect/PM/boss comes up with other creative ideas for external auth. I'd also wonder about data security *inside* the product, if that was their auth solution. – LeeM Apr 21 '23 at 05:21

0 Answers