AD Database Hybrid. AD Internal Hybrid

After watching the training videos I have a question about the following statement I copied out of the transcript.

An Active Directory database hybrid user source gives you the benefit of using your Active Directory system for authentication and the flexibility of using your database to store user information

The active directory internal hybrid user source provides security by authenticating through active director, yet still gives the flexibility of storing the user information internally in Ignition.

The company I work for has super strict IT/security/license policies and essentially demands that LDAP be used for all new devices. I'm new to LDAP and I didn't know you could implement Active Directory and store your user database in another location. Can you elaborate on the benefits of this added flexibility? It seems from an IT perspective it's just another security risk and audit trail to worry about.

Hi -

The AD / Database hybrid allows you to user LDAP for authentication and use DB for mapping roles and other properties that you may be interested in or that might not be available within LDAP.

This works well for use cases where you are leveraging a corporate LDAP that you don't have the ability to update (or that corporate won't let you update). It gives you the benefit of enforcing password and user account policies in LDAP and adhering to your business' security policies, while also allowing you to manage access to your Ignition application(s) within the database by assigning roles within the database.

Let me know if you have questions.