Newbie question - tying AD login to an app login of different form

Discussion in 'Active Directory' started by Joe, Feb 23, 2006.

  1. Joe

    Joe Guest

    I have an application that uses a login format of fjones, and our company's
    AD login has the format of jonesf. We want to enact Single Sign-On so the
    app is accessed based on AD login, but I'm trying to find a way to avoid
    recreating numerous app logins to meet the AD login format.

    Can AD map between fields other than logins? Can we add a field in AD
    called APP_LOGIN that has my app's login with its format and have AD tie
    that field to the user so they can access the app based on their AD traits?


    Joe, Feb 23, 2006

  2. Joe

    Neil Ruston Guest

    Three suggestions below. These are all conceptual - I do not have details
    regarding how any of them might be achieved :)

    1. Create an SSO environment, outside of AD. In that system, create an
    identity for all users and add all their login IDs as attributes. Users auth
    with the SSO env and apps are updated to utilise this SSO system as their
    authentication mechanism. (once authed in the SSO system, the user is auto
    authed to use all apps that subscribe to the SSO system)


    2. Add a new attribute in AD, such that both login id formats can be stored
    for each AD user. Users auth with AD and the app is amended so that users
    auth with it via their alternative credentials via the new attribute. (i.e.
    the app enumerates the attribute data and simply asks the user for a p/w)


    3. Amend the app so it uses AD as its auth source. (once the user auths with
    AD, he is also authed to use the app)

    Neil Ruston, Feb 24, 2006
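
One way the attribute lookup from suggestion 2 could work once AD has already authenticated the user, as an added example that is not part of the original thread. The attribute name `appLogin`, the domain `CORP`, the directory entries and the `fake_search` stand-in for a real LDAP query are all assumptions made for illustration.

```python
# Added example: map an already-authenticated AD logon name to the app's login.
# "appLogin" is a hypothetical custom attribute; CORP and the entries are constructed.
EXPECTED_DOMAIN = "CORP"
APP_ATTR = "appLogin"

DIRECTORY = [  # constructed stand-in for AD search results
    {"sAMAccountName": "jonesf", "appLogin": ["fjones"]},
    {"sAMAccountName": "smithj", "appLogin": []},                   # not provisioned
    {"sAMAccountName": "browna", "appLogin": ["abrown", "admin"]},  # ambiguous
]

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def build_filter(sam):
    """LDAP filter for one user, with RFC 4515 escaping of the logon name."""
    safe = "".join(_ESCAPES.get(ch, ch) for ch in sam)
    return f"(&(objectClass=user)(sAMAccountName={safe}))"


def fake_search(ldap_filter):
    """Offline stand-in for a directory search: exact match on the filter."""
    return [e for e in DIRECTORY if build_filter(e["sAMAccountName"]) == ldap_filter]


def resolve_app_login(principal, search=fake_search):
    """Return the app login for 'DOMAIN\\user', or raise LookupError (fail closed)."""
    domain, sep, sam = principal.partition("\\")
    if not sep or domain.upper() != EXPECTED_DOMAIN or not sam:
        raise LookupError("principal is not from the expected domain")
    entries = search(build_filter(sam))
    if len(entries) != 1:
        raise LookupError("no unique directory entry")
    values = entries[0].get(APP_ATTR, [])
    if len(values) != 1 or not values[0]:
        raise LookupError("app login missing or ambiguous")
    return values[0]  # taken from the directory, never derived from the AD name
```

The mapping is only as trustworthy as the write permissions on the attribute: if users can edit their own value, they can point it at someone else's app login.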