Find solution
is there a way to manage DNS without being a sysadmin?

An easy solution to a single website login?

  • The situation is that I manage a bunch of websites & web services, all with their own separate user accounts. It would be useful to unify all these logins. The problem is that the software infrastructure necessary to support unified logins is way beyond my capabilities. Is there a suitable technology shortcut or a way I can cheaply buy such a service? I'm not an IT guy but a bioinformatician, and part of my brief is to manage the software infrastructure for a major genomics project. So I have to be an IT guy, above and beyond my skills. (Local sysadmin resources - me.) We've based the infrastructure in AWS, which has been a big win. Deploy an app with ElasticBeanstalk and get scaling and easy config? Awesome. Need to spin up a more powerful machine? Simple. However, with various different systems and web services, it would be nice to have a single identity and login system across them all. And indeed, most of the services support LDAP / OpenID. Shibboleth, etc. This is where it starts to get hairy: the solutions for serving / managing these are technically very complex. You know it's tough when you read articles from seasoned IT professionals complaining about how hard it was to get the software running and how much time they have to spend to keep it running. Things I've tried: * Amazon provides a directory service ... but the product is still immature and you still need a software stack to manage it. * I've sunk a few weeks trying to get my head around LDAP with no great success. * There are a number of companies selling auth / id as a service, but their solutions look vastly overpowered for what I need and come at a high ticket price (e.g. several dollars per user per month). * There's a few images of LDAP servers or the like on the Amazon market, but with some poor reviews attached, so that may not save me much effort. This is a big problem - every moment I spend on this is a moment not spent on "real" work - no one is going to thank me for setting this up. But it seems like the user management will become overwhelming if it's not done. Various technical details: * Based in the UK. * We probably have about 100 users, although the active number is more like 20. * No one will ever, ever have to login at the commandline / Unix or AWS level. This is strictly for webapps only. * We're a Unix shop, so Windows-based solutions are at a disadvantage. * Many of the users are ... not very technical. For example, they mail me when they forget their password and lodge complaints like "the database is acting funny, fix it". Suggestions?

  • Answer:

    Standard caveats about security being Hard apply, but the one time I needed to do something like this, https://simplesamlphp.org/ turned out to be a lot simpler than I expected.

outlier at Ask.Metafilter.Com Visit the source

Was this solution helpful to you?

Other answers

Would you instead consider something like LastPass? They offer enterprise accounts where you can deploy shared folders of passwords to your groups of users. The web extension auto-fills web forms with credentials, so users don't have to remember stuff. We did this with an office of 100 people and it worked out great for our use-case. Single-sign-on is not what this is, of course, but from a user's perspective it solves the same problem.

odinsdream

Sequence

Have you looked at SSO services like https://www.okta.com/? Full disclosure: I have a financial stake in the company.

Noisy Pink Bubbles

Have you looked at SSO services like Okta? I've looked at some. (See brief comment about companies that sell auth services.) I was hoping for a recommendation with the caveats that: * The services I've seen seem overpowered for what I need (e.g. device management, multi-factor auth) * The prices - when prices are even given - are prohibitive. Nonetheless, I'll look at Okta.

outlier

I get the LastPass idea (I use it myself) but I'm not clear on how it would work in this case. The same password is shared across multiple services, so they have the same user-password for each system? I'm also a little dubious about getting them to install an extension.

outlier

Isn't Google Identity mainly for writing your own apps? (I've activated it in my developer console and otherwise it seems to just offer OAuth.) SimpleSAMLphp looks good - about the first "out of the box" solution I've seen. Will give it an install and see how it works.

outlier

So, I'm just saying how we used it. Again, it's not really SSO. What you would do is simply roll out the extension with a Group Policy or Login script (or direct them to manually install it) and then let individuals register all of the web apps they use, whether or not they use the same password (in fact it's better if they don't use the same password). Then, the browser extension would auto-fill the login screens for the apps they use. Yes, it doesn't truly mean SSO in the sense of a single identity provider or centralized management, but to be honest that whole avenue, as you've found, is like waiting around for the flying car. Even in well-oiled IT shops in large companies, there are dozens of so-called "legacy" systems that don't support the company's SSO platform, which means users are left to manage individual credentials for those systems.

odinsdream

Related Q & A:

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.