Better/tighter integration with Windows Active Directory for managing users and user rights in MooD (MBA/MAE)
As a representative for MooD as a tool internal to the organisation I work in
I want to MooD to have better/tighter integration with Active Directory (AD) when it comes to managing and maintaining users and user rights in MooD, both for MBA and MAE.
So That MooD can be set up in such a way as to reduce the amount of manual work currently required to achieve single sign on capability over the web. Also, if the concept can be extended to MBA, such that user can achieve single sign on through to MooD (no extra login prompt required), this would be very beneficial.
As a caveat, I do understand that there are probably technical difficulties that I am now sort of "hand waving" - such as "where would I manage user rights" and "what would happen if user rights to MooD and resources MooD uses do not align (e.g. SQL Server)". The specifics on how to achieve the end goals might need some discussions...
Benefits: Reducing manual work load required to keep MooD as an enterprise tool throughout the organisation. Way of aligning with IT Security requirements.
Acceptance Criteria
- Ability to make sure new users get access to MooD through Web/MAE (and maybe MBA) by rights set up in Active Directory, without the manual steps of creating users and assigning them to user groups, which is what is currently required.
- (needs further clarifications) Ability to set up user rights in AD and transferring them over to MooD
Customer / Originator LFV
Priority High (req 1), Mid (req 2)
-
Hi Karl,
Although we've not implemented zero-administration AD integration, have you seen that you can already get single sign-on in MBA (076)?
How to enable Single Sign On (SSO) in a repository – MooD (moodinternational.com)
-
Hi Giles,
Thank you for the quick answer!
It is a step in the right direction to be sure (and one which we will be utilising as soon as we go to the next build). However, one of the main challenges right now is that when someone get added to the active directory @LFV, there are manual steps which needs to be taken in order for them to be added to our MAE solution (with the appropriate user rights). Since this is done by different people and by a process which is largely manual it has been pinpointed as one of the things which makes MooD less desirable for implementing "enterprise solutions" (for lack of better words).
The second piece to this in the allocating user rights in MooD. The ask is to be able to handle this through AD (at least in some environments, but I think that if this was a smooth option, it would be used more broadly). Now, I do understand this is far from trivial. For instance, setting up user rights in MooD (which could also use some improvements) is an integral part to delivering any solution - how would we get this information over to the AD, as well as any changes made to those user rights at a later stage? There are many challenges which I understand would probably be quite hard here. That said, I do not have the technical know-how to actually go into those details, so I have chosen to focus strictly on "what we want done" without having fully explored what that might entail...
I hope this makes it a bit clearer what we want to achieve.
Please sign in to leave a comment.
Comments
2 comments