Security

Does anyone know if you can do sponsor lookups via ADFS or SAML?

 

 

SAML is an authentication method. You can do lookups against an LDAP server only.

Server guy suggestion I've never implemented it.

So what's the preferred method of doing sponsor lookups against several domain controllers?
Please visit us at http://www.teletech.com
............................................................
This EMAIL and any attachments may contain confidential, proprietary and/or privileged information. If you are not the intended recipient, please immediately notify the sender by return email, and delete this communication and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be subject to criminal and civil proceedings. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by TeleTech Holdings.
............................................................

Are they different domains?

They're all under our domain.com structure but basically we have a pair per geographical region with the primary in one datacenter and the secondary in the geographical region.

So we may have

Domain.com
Country.domain.com
Country2.domain.com

Basically 5 different DC pairs. Writing CPPM rules are a blast because of this.


Please visit us at http://www.teletech.com
............................................................
This EMAIL and any attachments may contain confidential, proprietary and/or privileged information. If you are not the intended recipient, please immediately notify the sender by return email, and delete this communication and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be subject to criminal and civil proceedings. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by TeleTech Holdings.
............................................................

Do you already have sponsorship lookups working via LDAP?   You should do that first to get the feel of it before deciding if you possibly want to do that with multiple domains.

I do. can it look across 5 servers?
Please visit us at http://www.teletech.com
............................................................
This EMAIL and any attachments may contain confidential, proprietary and/or privileged information. If you are not the intended recipient, please immediately notify the sender by return email, and delete this communication and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be subject to criminal and civil proceedings. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by TeleTech Holdings.
............................................................

Unfortunately only a single server is supported at a time..

So the only solution is probably going to be OpenLdap acting as a proxy to farm the query across all servers.

Please visit us at http://www.teletech.com
............................................................
This EMAIL and any attachments may contain confidential, proprietary and/or privileged information. If you are not the intended recipient, please immediately notify the sender by return email, and delete this communication and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be subject to criminal and civil proceedings. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by TeleTech Holdings.
............................................................

I guess the big question is, do you want to have guests pull up every "Robert" at the company to request a guest account?

We'll it will be several years until they are all collapsed into a single AD pair, so I do not really have a choice.

Please visit us at http://www.teletech.com
............................................................
This EMAIL and any attachments may contain confidential, proprietary and/or privileged information. If you are not the intended recipient, please immediately notify the sender by return email, and delete this communication and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be subject to criminal and civil proceedings. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by TeleTech Holdings.
............................................................

What is the organization doing now for sponsorship?  Can't they have a hybrid approach that could involve the receptionist or a kiosk?  I does not have to be 100% sponsorship, right?