Lets say I have three environments (dev, staging, prod) that I will be deploying my project on, and I want certain users to have access to the dev/staging versions.
I am defining who has that access by an AD group, and I need to limit project access to an authenticated user containing that group. No problem
However I am managing the project with git and dont want to have to manually change the project security requirement when it goes from Staging to production, so I think that I need to define the security at the gateway level and not the project level.
My question is, is the best way to do this by limiting the AD search filter on the dev/staging gateways to only look for users within that group, and then require the dev/staging projects to require authentication in general? That way they can only authenticate if they are in that group?