Best practise for handling external users

Discussion in 'Active Directory' started by Raj, Nov 14, 2007.

  1. Raj

    Raj Guest

    Hi all,

    I'm hoping for some advice on handling the following scenario -

    We have a sector authentication scheme based on Sun Access Manager to handle
    external authentication. For Windows IIS apps there is an AM agent to handle
    the authentication - however for SharePoint there will still need to be a
    matching AD account and groups to handle their permissions once they
    authenticate (if theres a better way of handling it let me know!).

    So regardless of how the external users are handled, where is the best place
    to keep their AD accounts ? Within an OU in our internal production domain ?
    In a seperate domain with a one way trust relationship to SharePoint
    resources in the internal production domain ?

    If it was just 20 to 30 people I'd be happy hosting them within the internal
    domain but we're potentially talking about 2000 to 3000 external clients with
    all the security and management headaches that number of external clients
    entails.

    How do people out there handle their external users when it comes to
    allowing them to access internal resources (in this case the SharePoint sites
    are reverse proxied via ISA2k6) ?

    Thanks in advance,
    Raj.
     
    Raj, Nov 14, 2007
    #1
    1. Advertisements

  2. Raj

    Dylan Guest

    An separate domain in your extranet is what I would do if you're talking
    about 2-3000 users.
     
    Dylan, Nov 14, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.