Hacker News story: Ask HN: How to handle user management for company used SaaS without SAML support

As a company, the usage of various SaaS is quite common (e.g. DockerHub, GitHub, Google Analytics for techblogs, ...). Some of those services offer auth interfaces like SAML (LDAP, Active Directory). GitHub is one. Some services offer nothing in this direction. DockerHub is one. Often the usage of a private account (e.g. in GitHub) makes sense to keep history, resume and so on. Even Google is doing this. See http://ift.tt/2CuNBfF

The issue here: You are not able to get a mapping to the employee because their username, email or avatar can be quite weird/different. The big issue appears when the employee is leaving the company. That is the main reason for this Ask HN.

I "dream" of a kind of engineers' self-service center. A web UI that has several "plugins". Each plugin is related to one service (GitHub, DockerHub, GA for the techblog and so on). Every person who wants to see the analytics of the techblog requests access via this web UI. In the background, a mapping between their Google account and the company email / employee identifier is maintained. And the user is connected to your GA account via an API call to Google. This could be done with various services. In the background, a cronjob is running and asking the LDAP / Active Directory if this user is still active (I assume that when an employee is leaving, the AD account is disabled/deleted). If the user is not active anymore, access on all services will be revoked automatically.

I think that this problem is faced by many companies. Maybe this is a free startup idea. How do you deal with this in your company? Or what solution do you use / suggest / refer to? Or is there already an open source version of my dream service center? Or is there any reason why this is a dumb idea and you have a better alternative in mind?
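The reconciliation run the post describes (mapping table plus a cron job that asks the directory who is still active), as an added example that is not part of the original post. The plugin class, the function name and all account names are hypothetical, the directory is a plain dict standing in for an LDAP / Active Directory query, and the orphan report and the refusal to act on an empty directory answer go beyond what the post asks for.

```python
from dataclasses import dataclass, field

@dataclass
class FakeServicePlugin:
    """Hypothetical plugin; a real one would call the SaaS vendor's member API."""
    name: str
    members: set = field(default_factory=set)

    def list_members(self):
        return set(self.members)

    def revoke(self, account):
        self.members.discard(account)

def reconcile(directory, grants, plugins):
    """One cron run. directory: employee_id -> is_active (stand-in for LDAP/AD).
    grants: (employee_id, service, external_account) rows from the self-service UI."""
    if not directory:
        # An empty answer more likely means the directory query failed than
        # that everyone left; skip the run instead of mass-revoking.
        raise RuntimeError("directory returned no users; refusing to revoke")
    revoked, kept = [], []
    for emp, service, account in grants:
        if directory.get(emp, False):      # unknown employee counts as inactive
            kept.append((emp, service, account))
        else:
            plugins[service].revoke(account)
            revoked.append((service, account))
    # Accounts present on a service with no mapping row cannot be tied to an
    # employee, so report them for manual review rather than guessing.
    mapped = {(s, a) for _, s, a in kept}
    orphans = sorted((p.name, a) for p in plugins.values()
                     for a in p.list_members() if (p.name, a) not in mapped)
    return revoked, kept, orphans

# Constructed sample data.
DIRECTORY = {"e100": True, "e200": False}
PLUGINS = {
    "github": FakeServicePlugin("github", {"nightowl42", "jd-private", "old-contractor"}),
    "dockerhub": FakeServicePlugin("dockerhub", {"nightowl", "jdoe1987"}),
}
GRANTS = [
    ("e100", "github", "nightowl42"), ("e100", "dockerhub", "nightowl"),
    ("e200", "github", "jd-private"), ("e200", "dockerhub", "jdoe1987"),
]

if __name__ == "__main__":
    revoked, kept, orphans = reconcile(DIRECTORY, GRANTS, PLUGINS)
    print("revoked:", revoked)
    print("orphans:", orphans)
```
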

Reviewed by Tha Kur on January 05, 2018
