[Owasp-delhi] Is it a good design to put external users in Active Directory
Dharmesh M Mehta
Dharmesh.Mehta at mastek.com
Thu Oct 28 06:14:30 EDT 2010
If I had to provide access to the enterprise portals to some of the people in my partner organization (external users), I need to authenticate them.
If my internal users are using Active Directory for authentication to the Enterprise Portals, will it be a good design to create external users in the AD and allow authentication to the portal?
Or one should go with doing custom authentication of the external users in Database and "not touch" Active Directory"?
Or setup federated "trust" between organization Active Directory (assuming both have same Active Directory technology)?
My take is that Active Directory is the best product to manage user authentication and should be used for creating external users too.
Your thoughts please.
Thanks & Regards,
Dharmesh M Mehta
CISSP, Security Specialist
Mastek Ltd | MNDC, MBP Mahape, Navi Mumbai, India | (T) 91 22 6791 4646 Extn - 5469 | Mobile: 91 9730002132
http://smartsecurity.blogspot.com<http://smartsecurity.blogspot.com/>
MASTEK LTD.
In the US, we're called MAJESCOMASTEK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Opinions expressed in this e-mail are those of the individual and not that of Mastek Limited, unless specifically indicated to that effect. Mastek Limited does not accept any responsibility or liability for it. This e-mail and attachments (if any) transmitted with it are confidential and/or privileged and solely for the use of the intended person or entity to which it is addressed. Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. This e-mail and its attachments have been scanned for the presence of computer viruses. It is the responsibility of the recipient to run the virus check on e-mails and attachments before opening them. If you have received this e-mail in error, kindly delete this e-mail from desktop and server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20101028/95214b10/attachment.html
More information about the Owasp-delhi
mailing list