Restricting users with AD domain groups


Hi all,

I'm new to OutSystems and am looking into using AD authentication for apps that we develop.

One of the requirements is that we need to restrict access to applications to only people who are in certain domain groups in AD.

I've gone through and set up our dev environment to use AD authentication and can log in to our apps using my AD credentials. I've also seen the Active Directory Forge module and have installed it. I haven't been able to figure out too much with it as I haven't come across any documentation for it yet. Can someone point me in the right direction there?

Also, if anyone has any experience in restricting users to certain domain groups in AD, can you please point me in the direction as to where I should research? I have seen the module that copies across domain groups to OutSystems, but I'm not particularly keen on heading down that path. Is there a native AD authorisation that we can use?

I'm coming from a Java/Spring background so am used to the Spring Security framework having done all the heavy lifting for me in the past.

Thanks in advance.

Sam.

Sam Cox wrote:

Also, if anyone has any experience in restricting users to certain domain groups in AD, can you please point me in the direction as to where I should research? I have seen the module that copies across domain groups to OutSystems, but I'm not particularly keen on heading down that path. Is there a native AD authorisation that we can use?

Given that the platform defines its own Access Control framework through the use of Roles (defined in modules by developers, at design time), in order to map those to whatever AD groups, you will do it yourself.

That being said, as part of that mapping you might want to take advantage of the OutSystems Group concept, as a way of assigning multiple Roles to members...

Some relevant posts and/or forge components I think might be relevant for you:

  1. https://www.outsystems.com/forums/discussion/17376/mapping-active-directory-groups-to-roles/
  2. AD Import
  3. Sync AD Auth Provider (installation manual)

The last one is actually for IT users (it's a LifeTime plugin), but you might be able to use the same approach for end-users.
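
One way to carry out the Role mapping the reply above describes, as an added example that is not part of the thread and is not OutSystems or Forge code. It assumes the caller already has the user's AD group DNs (for instance from memberOf); every DN, Role name and function name in it is hypothetical.

```python
# Added illustration: reconcile a user's platform Roles against AD group membership.
# All group DNs, Role names and function names here are hypothetical.

# Constructed mapping: AD group DN -> Roles granted by that group
# (plays the part of an OutSystems Group bundling several Roles).
GROUP_ROLES = {
    "cn=app-claims-users,ou=groups,dc=example,dc=com": {"ClaimsViewer"},
    "cn=app-claims-admins,ou=groups,dc=example,dc=com": {"ClaimsViewer", "ClaimsAdmin"},
}
# Every Role this sync is allowed to grant or revoke.
MANAGED_ROLES = set().union(*GROUP_ROLES.values())


def normalize_dn(dn):
    """DN comparison is case-insensitive, so case-fold before the lookup."""
    return dn.strip().casefold()


def roles_for(member_of):
    """Roles the user is entitled to; unmapped groups contribute nothing."""
    entitled = set()
    for dn in member_of:
        # Match the full DN, not the CN: a same-named group in another OU must not count.
        entitled |= GROUP_ROLES.get(normalize_dn(dn), set())
    return entitled


def reconcile(current_roles, member_of):
    """Return (grant, revoke) so that Roles follow AD membership."""
    entitled = roles_for(member_of)
    current = set(current_roles)
    grant = entitled - current
    # Revoke only Roles this mapping manages; manually assigned Roles are left alone.
    revoke = (current & MANAGED_ROLES) - entitled
    return grant, revoke


def may_log_in(member_of):
    """Restrict the app to users who hold at least one mapped group."""
    return bool(roles_for(member_of))


if __name__ == "__main__":
    # Constructed sample: user left the admins group; a look-alike group sits in another OU.
    groups = ["CN=App-Claims-Users,OU=Groups,DC=example,DC=com",
              "CN=App-Claims-Admins,OU=Contractors,DC=example,DC=com"]
    print(reconcile({"ClaimsAdmin", "Reporting"}, groups))
    print(may_log_in(["CN=Domain Users,CN=Users,DC=example,DC=com"]))
```

Running the reconciliation at every login, rather than only when the user is first created, is what removes a Role after the user leaves the AD group.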