AD/Database Hybrid Good Practice

I'm in the process of implementing an Active Directory Database Hybrid user source. I'm stuck in paralysis by analysis right now and I need a push.

Have you implemented an AD Database Hybrid model and how did you link the roles to the AD users? From what I can tell:

  • you can duplicate the users into a database and link that to roles
  • you can link AD to a database of roles, but that is heavily IT involved.
  • you can script when a user logs in and validate against roles.

I'm sure there are other methods, but I'm looking to see what the best practice is. Do you have any input or suggestions on implementing a database of roles to an Active Directory list of users?

Hello Drewdin,
Since IT departments are heavily involved in this AD process, it is recommended to reach out to them, especially since they will likely have the information you will need to access your AD. Ignition gets its users and passwords from the AD, and the rest should come from the database. I highly recommend getting your IT involved.

Thanks, I do have AD working properly, now I just need a good way to link the roles to the AD users. I take it that I need to manually link them to the AD usernames.

Hello Drewdin,
I am implementing an AD-Database hybrid source currently. How did you solve this?
I was thinking about duplicating the users in a database and using a mapping table to link them with the roles.
Do you have any recommendations based on your experience on this topic?

I did it two ways; it depends on how many front ends you have. I just used the Ignition internal database for roles and permissions on a single front end.

I used an external database for roles and permissions when I had multiple front ends behind a load balancer.

What have you tried?

IT people told me I can use an Active Directory component to be installed in the Ignition gateway server, so I can have access to the AD database and then take the users and store them in my local database, create the mapping table and authenticate against the AD.

I have more than 1 Frontend.
In your solution with multiple frontends, how do you link the users to the roles and permissions tables?

It's one database of users/roles/permissions; each front end looks at the same tables for consistency. That way the information is the same between them.

1 Like
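A sketch of the shared role-mapping database discussed in this thread, added here as an illustration; it is not code from any poster and not Ignition's own schema. The table and function names are hypothetical, and `sqlite3` stands in for the external database that every front end would query. Passwords stay in AD; the database holds only the username-to-role mapping.

```python
import sqlite3

# Hypothetical schema: roles plus a mapping table keyed by the AD logon name.
# AD logon names (sAMAccountName) are case-insensitive, so the key column uses
# NOCASE; otherwise "JSmith" and "jsmith" would be two different principals.
SCHEMA = """
CREATE TABLE roles (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE
);
CREATE TABLE user_roles (
    ad_username TEXT NOT NULL COLLATE NOCASE,
    role_id     INTEGER NOT NULL REFERENCES roles(id),
    PRIMARY KEY (ad_username, role_id)
);
"""

def open_role_db(path=":memory:"):
    """Create the role store (in memory by default, for the demo)."""
    db = sqlite3.connect(path)
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def grant(db, ad_username, role):
    """Map an AD username to a role; repeated grants are ignored."""
    db.execute("INSERT OR IGNORE INTO roles(name) VALUES (?)", (role,))
    db.execute(
        "INSERT OR IGNORE INTO user_roles(ad_username, role_id) "
        "SELECT ?, id FROM roles WHERE name = ?",
        (ad_username.strip(), role),
    )
    db.commit()

def roles_for(db, ad_username):
    """Roles for a user who has already authenticated against AD.
    A user with no mapping gets an empty list, i.e. no access by default."""
    rows = db.execute(
        "SELECT r.name FROM user_roles ur JOIN roles r ON r.id = ur.role_id "
        "WHERE ur.ad_username = ? ORDER BY r.name",
        (ad_username.strip(),),
    )
    return [name for (name,) in rows]

if __name__ == "__main__":
    db = open_role_db()
    grant(db, "jsmith", "Operator")      # constructed sample users and roles
    grant(db, "JSmith", "Operator")      # same AD account, different case
    grant(db, "jsmith", "Supervisor")
    print(roles_for(db, "JSMITH"), roles_for(db, "not_mapped"))
```

Because the lookup is parameterized and keyed on the normalized AD name, every front end behind the load balancer resolves the same roles for the same account, and an AD user who was never mapped resolves to none.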