Enhanced LDAP capabilities for better user management

Hacker on devices 3

Recapping the first half of the year, we’ve introduced a lot of new product capabilities which include the Live Viewer, Clone Option, and Public Application Boxes to make it easier for DevOps to work together in small teams, and collaborate on large projects across organizations.

ElasticBox continues to help IT management teams automate deployments in compliance with their corporate policies, the latest launched feature: Enhanced LDAP Groups.  In our commitment to simplify the life of IT ops we are providing them with more visibility, control and insight into their users and resource trends.  

We introduced LDAP groups 2 years ago, to help sync LDAP groups in your organization with ElasticBox workspaces. This tool enables users to sign in with their org credentials and immediately start working in a team assigned workspace in ElasticBox. Reduced setup friction, simplified on-boarding process, and controlled access to deployment assets are just some of the benefits of integrating LDAP in ElasticBox.

So what does this enhancement mean for you?  Beyond refreshing the portal and user experience, the Enhanced LDAP Groups offers filtering of groups for easier discovery of complex implementations and support for posixGroups.  The group filtering allows you to sort and show only your desired users and groups, which saves significant time when performing regular maintenance and auditing tasks. Since all groups are provided in the all-up  query, this allows you to sync only certain groups (e.g.: only specific engineering or operations teams). That way you can have only the desired groups synced and reduce the sprawl of group records.

The LDAP groups support have been expanded to POSIX groups. Previously, all groups needed to be one of these objectClass: group, groupOfNames or groupOfUniqueNames. The membership of the user in those groups was checked by the member or uniqueMember attribute. With the latest enhancement, we now support posixGroups and using the attribute memberUid. This helps organization using posixGroups to also use them in ElasticBox.

For Active Directory users with lots of groups, we currently use pagination to retrieve your groups, allowing you to have more groups. The support for pagination is autodetected so you don’t need to configure anything.

From an experience perspective, the UI has been re-designed from the ground up based on feedback from customers. The fields have been rearranged and clarified, and we provide a way to preview all synced LDAP groups. We also added a way to test the LDAP configuration while you are editing to help you prevent any issues in advance.

Screen Shot 2016-05-26 at 13.22.46

You’ll find LDAP groups on the left upper side within the Authentication option. Once you sync your LDAP groups, any user in your ElasticBox organization can edit their team workspace and search various attributes.  They can also add LDAP groups or a specific member of the group.

Screen Shot 2016-05-26 at 14.58.55

What happens when changes occur to LDAP groups?

ElasticBox detects group member changes when a user from that LDAP group logs in. Any general changes to the groups get updated every 24 hours or manually when you sync.

  • If a user is deleted in LDAP, they will not be able to sign-in to ElasticBox
  • If a user is removed or moved out of an LDAP group, when they log in, they would no longer have access to the corresponding workspaces where they were a member.

With this enhancement, LDAP configuration is easier than ever, supporting more LDAP server and speeding the setup.

Managing user authentication is easier with Enhanced LDAP Groups .  Try it out now!




Hacker News

Categories: Uncategorized