03-14-2018, 07:17 AM
I’m keen to get some traction behind this and have been toying in my head with what AD integration may look like.
My view would be that maybe, as an admin setting, US can be set to primarily use AD authentication (unless your login screen has US login / AD login as different tabbed forms), where if authentication is successful and a common item (username/email) matches an existing user record, it logs them in and then follows US group permissions/session as normal. If authentication is successful but no unique user item is matched (so no user exists in US but one does in AD), create one/register with a basic login permission to account pages etc. but nothing more until that account is then added to the required groups by a US admin – giving the benefit of AD for auth and US for page permissions.
Not sure how practical this is or where to start technically. Would be interested to hear how others might approach this.
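One way to structure the flow described in this post, as an added example that is not part of the original post and not UserSpice's own code: PHP's ldap extension binds to AD as the user, the local record is matched on the mail attribute AD returns, and an unmatched user is created with only a basic group. The host, domain, base DN, the `users` and `user_groups` tables and `BASIC_GROUP_ID` are assumptions.

```php
<?php
// Added example, not UserSpice code. The host, domain, base DN, table and
// column names and BASIC_GROUP_ID are assumptions for illustration.
const BASIC_GROUP_ID = 1; // hypothetical "account pages only" group

/** Bind to AD as the user; return the account's AD mail attribute or null. */
function adAuthenticate(string $username, string $password): ?string
{
    // Many LDAP servers accept a bind with an empty password as an anonymous
    // bind and report success, so refuse it before contacting the directory.
    if ($username === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect('ldaps://dc.example.internal'); // placeholder host
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($conn, $username . '@example.internal', $password)) {
        return null;
    }
    // Escape the typed name before placing it in a search filter.
    $filter = '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $res = ldap_search($conn, 'DC=example,DC=internal', $filter, ['mail']);
    $entries = $res ? ldap_get_entries($conn, $res) : ['count' => 0];
    ldap_unbind($conn);
    return $entries['count'] === 1 ? ($entries[0]['mail'][0] ?? null) : null;
}

/** Return the local user id for a successful AD login, or null to deny. */
function loginViaAd(PDO $db, string $username, string $password, ?callable $auth = null): ?int
{
    $mail = ($auth ?? 'adAuthenticate')($username, $password);
    if ($mail === null) {
        return null;
    }
    $mail = strtolower($mail);
    // Match on the attribute AD returned, not on what the user typed.
    $q = $db->prepare('SELECT id FROM users WHERE LOWER(email) = ?');
    $q->execute([$mail]);
    $ids = $q->fetchAll(PDO::FETCH_COLUMN);
    if (count($ids) !== 0) {
        // One match keeps its existing groups; an ambiguous match is denied.
        return count($ids) === 1 ? (int) $ids[0] : null;
    }
    // No local record: create one with only the basic group.
    $db->prepare('INSERT INTO users (username, email) VALUES (?, ?)')->execute([$username, $mail]);
    $id = (int) $db->lastInsertId();
    $db->prepare('INSERT INTO user_groups (user_id, group_id) VALUES (?, ?)')->execute([$id, BASIC_GROUP_ID]);
    return $id;
}
```

The optional `$auth` argument lets the matching and provisioning logic be exercised with a stub in place of a live directory.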