
Authorization and authentication. Like it or not, Microsoft Active Directory or Azure AD (basically the cloud version) works with everything and it’s kinda the only single sign-on/shared login solution for enterprises. You can build something yourself with LDAP, Kerberos and maybe Keycloak, but why bother when you more or less need AD for Windows and Exchange anyway?


Self-hosted GitLab instances can also act as authentication services.

Connecting git with an internal AD/LDAP allows for not requiring Azure AD.


This isn’t a solution for enterprises, however.


For juniors: Enterprises and even small startups need to comply with their industry’s security certification (PCI, ISO, whatever), which requires traceability of logins (and central revocation when employees quit and provably complex passwords and inability to retry 100 times, etc.).


I'd love to read more about it. Got any links?


Here is one related post: API Security with OIDC by using Apache APISIX and Microsoft Azure AD

https://dev.to/apisix/api-security-with-oidc-by-using-apache...


If it's just SSO, I have many good things to say about Keycloak.


We use Okta, currently with on-prem AD, but are whittling away at the use cases for the latter and hope to be AD-free once we solve for RADIUS (suggestions welcome :)



