
I'm currently evaluating whether Adaxes could be our access and identity management solution and find it very powerful. The only thing that's left is that we have some internally developed applications that we grant general access to through AD groups, but on a more granular basis additionally inside an Oracle database. That means that a user needs to be a member of an AD group, e.g. "APPLICATION-ONE-USER", to be authorized to use application "One", but additionally needs some entries inside a database which the application checks to allow or disallow certain things. We calculated that we would need about 2500 groups to manage that solely through AD groups.

Now I totally understand that Adaxes is an AD management tool (and with regard to the forum name I might even be off-topic), but is there any way that we could manage those privileges inside the Oracle database through Adaxes?

First I thought 'no problem, anything you can't do directly is possible through PowerShell'. And there are even examples available for exchanging information with MS SQL Server. But how can one let the user pick certain roles inside the web interface depending on the groups he is either already a member of or is trying to become a member of? I found so-called virtual properties, which can be added to the interface and evaluated in business rules without actually being real AD properties, but I'm not sure if there's a way to create that "cascading multi-select" we need.

I was able to "inject" CSS into the web interface through the footer config. So maybe it's possible to inject custom JavaScript, too, and do something to the virtual property fields. If necessary, I would also create a REST service reading the current database entries that this JavaScript could access. As I wrote, it's crucial for us to have a single access point for the users to manage the privileges and their properties.

Any ideas how we could do it?

by (40 points)
