In an ideal world, all end-user access to your application or solution is controlled via Active Directory. Even better are single sign-on (SSO) integrations such as the one mentioned in one of our previous blog posts. But what if …

  1. None of your external end users are part of your internal Active Directory?
  2. Your application or solution is hosted in the Cloud?
  3. Your IT team does not want to deal with managing your ever-changing list of external end users, but also requires you to manage all access through AD?

This is the scenario Nextware faced with one of our large corporate clients. In the end, we designed and built a solution for them that solves all these problems. A key ingredient is Softerra Adaxes. This software sits like a layer “on top” of an Active Directory and enables us to grant internal, non-IT administrators limited and exactly defined access to an Active Directory to manage their external end users themselves, without the need to involve any IT staff or to have any in-depth knowledge of how Active Directory works.

As you can see in the diagram, internal users are still managed by the IT team of our customer. Their connection to Canto Cumulus Sites and Web Client (= a DAM solution) is handled by an SSO integration. However, internal Cumulus administrators can use Softerra Adaxes’ web-based “User Manager” to create and manage their external end users in a secondary Active Directory hosted in the cloud. This includes assigning users to Active Directory groups which are mapped to Cumulus application roles. This “User Manager” is completely customizable. This is how we designed the look for our customer’s user administrators:

Each of these so-called “home page actions” can be defined down to the finest detail. For example, admins can be allowed to create users only in specific organizational units (OUs) and to assign them only to a specific group (or groups) within specific OUs, so that they can grant access to or modify only the parts of the Active Directory they are allowed to. The configuration can be as restrictive or as open as needed.
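One way to verify after the fact that delegated user management stayed inside the intended OUs and role groups, as an added example (not Nextware's or Softerra's code): the policy, DNs and function names are constructed assumptions. DNs are compared RDN by RDN, because a plain string-suffix test misjudges names that contain escaped commas.

```python
# Added example: audit delegated user management against its intended OU scope.
# All DNs and the policy below are constructed, hypothetical sample data.

def parse_dn(dn):
    """Split a DN into lower-cased RDNs, honoring backslash-escaped commas."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip().lower())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip().lower())
    return rdns

def is_under(dn, base):
    """True if dn sits below base, compared RDN by RDN rather than by string suffix."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) > len(b) and d[-len(b):] == b

ROOT = "DC=ext,DC=example,DC=com"
POLICY = {"user_ous": ["OU=External Users," + ROOT],
          "group_ous": ["OU=Cumulus Roles," + ROOT]}
ENTRIES = [
    {"dn": "CN=Alice,OU=Agency A,OU=External Users," + ROOT,
     "member_of": ["CN=Cumulus Editors,OU=Cumulus Roles," + ROOT]},
    # One RDN whose value contains an escaped comma; object is directly under the root.
    {"dn": "CN=Eve\\,OU=External Users," + ROOT, "member_of": []},
    {"dn": "CN=Carol,OU=External Users," + ROOT,
     "member_of": ["CN=Domain Admins,CN=Users," + ROOT]},
]

def audit(entries, policy):
    """Return (user DN, reason) for every object or membership outside the scope."""
    findings = []
    for e in entries:
        if not any(is_under(e["dn"], ou) for ou in policy["user_ous"]):
            findings.append((e["dn"], "user outside delegated OUs"))
        for g in e["member_of"]:
            if not any(is_under(g, ou) for ou in policy["group_ous"]):
                findings.append((e["dn"], "group outside delegated OUs: " + g))
    return findings

if __name__ == "__main__":
    for dn, reason in audit(ENTRIES, POLICY):
        print(dn, "->", reason)
```

In practice the entries would come from an export of the external directory rather than from an inline list.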

To an Adaxes user, the “Create new user” dialog could appear like this in their browser:

This can be done for any of the home page actions, and even the home page layout is completely customizable. This is really great news for all Cumulus customers who are required to manage their users via AD but have always complained about the extra effort and delay when they need to create a new user or modify an existing one … such as moving a user into a different group, i.e. a different Cumulus role. With Adaxes, that responsibility can be given straight to the people who also manage Cumulus.

If you are interested in a similar solution, please contact us.