Written by Sameer Arora – Technical Solutions Director
How Whites Group used SAML to integrate Claromentis with AD (using ADFS)
“Whites Group is an Australian family owned company uniquely servicing the Hardware, Rural and Industrial channels with a strong commitment to product, service and our people”.
Background
More and more companies are looking to host business apps in the cloud which is a no brainer it saves cost in terms of maintenance,hosting and backups and the IT department can get on with their job rather than having to worry about maintaining a additional system.
Though this looks to be a really good proposition it does open up a lot of issues and one of the issues is about maintaining users on this new cloud solution.That means another set of usernames and password to remember, imagine coming to work in the morning the first thing we do is logon to our computers thats your first set of username and password and then another set to logon to the intranet. Considering how many online systems we use today these are just way too many things to remember for this small human brain, its cheaper to buy additional RAM for a pc but not for the brain 🙂
So, why not leverage from the existing Active directory infrastructure and use that to authenticate to intranet, that means no additional username and password, so the moment user logs on to their computers in the morning they will be signed on automatically on to the intranet, how good is that. While this may look straightforward and its quite easy if the solution is hosted internally, but how do we solve this business case when the solution is hosted in the cloud
Problem
Whites Group had the same issue where they maintain all the users in their active directory but still want to authenticate automatically over a cloud hosted intranet. That means when a new user joins they will just add them to active directory, but then they have to add them to the intranet as well, they don’t want to expose their AD to the cloud system and they don’t want to have an additional overhead of hosting a proxy system within their infrastructure.
Solution
SAML
Claromentis integrates with SAML (Security Assertion Markup Language), which a token based authorisation and authentication system where one system becomes the identity provider and claromentis becomes a service provider, all the communication is based on the security token which is XML based and no connection is required as such.
So now when a new employee comes onboard, they just add them to the active directory and when they go to the intranet, claromentis automatically creates that user in the system and logs them straight.
Benefits
- Centralized user management
- Being a cloud hosted app no overhead for IT
- Saves cost and improves productivity as employees can get on with their jobs
Important Considerations
Each business case might be different so implementation and integration with active directory might differ, some companies do allow opening up AD port in that case its a different implementation whereas some companies setup a additional server in their network which acts as a communication gateway between AD and claromentis
There are lots of things to consider for example
- Do you want the cloud hosted solution to be accessible from outside the network?
- Do you want to use another solution like onelogin to connect to AD?
We will tailor a solution based on your specific case and existing infrastructure, if you have any questions or queries regarding this please contact us.
