View access without logging in

Completed

Comments

11 comments

  • Official comment
    Avatar
    Rick Johnston

    All, SSO support is finally here: http://www.device42.com/blog/2017/07/single-sign-on-support-with-saml-2-0-in-v13-6-0/

     

    Comment actions Permalink
  • Avatar
    Raj Jalan

    Jens,

    We have on our list to add AD group sync that is either semi or fully automated. That way it will be easier to add users to an Active Directory Group and they will automatically have pre-defined permissions in Device42. I think that will solve your issue of having extra login for all employees. I will update this thread once we start working on that.

    Thanks,

    Raj

     

    0
    Comment actions Permalink
  • Avatar
    Jens Bech Madsen

    If we can also get single sign on working in the appliance, then I think it is a great solution. My intention is to avoid that users have to log in to just view info. But if SSO works and it automatically syncs with AD, then that sounds like the best possible solution.

    0
    Comment actions Permalink
  • Avatar
    Raj Jalan

    To enable view access for an Active Directory group, please follow the steps outlined below. Note that following requires v5.5.7 and above, as we added Save group sync and system generated groups : http://blog.device42.com/2014/01/system-generated-permission-groups-and-better-adldap-integration-with-v5-5-7/

    Enable AD integration if not already done so

    ?name=AD-Settings.png

    Save your active directory settings from Tools > Settings > Active Directory Settings, if not already done so.

    Create an AD group for view access users

    Create a group(e.g. D42ReadOnly) in Active Directory & add all users you want to have read only permissions. Please note that Device42 can't do recursive search, so members have to belong directly to this group.

    AD Group Sync in Device42

    ?name=AD-group-search.png

    Head over to Tools > Admin & Permissions > AD group sync and sync the group members with "System generated Read Only" Group. Shown in images above and below. You can save this group, so any further additions to AD group can be synced quickly.

    This will add any new users(that don't already exist in Device42) to Device42 with read-only permissions.

    ?name=ad-ldap-group-sync.png

    Adding any subsequent users

    ?name=ad-ldap-saved-group-dns.png

    If you add any users to the AD group, you can head back to Tools > Admin & Permissions > AD group sync and choose the saved DN to quickly add the new users

    0
    Comment actions Permalink
  • Avatar
    Jens Bech Madsen

    While having AD integrated logins is great, it still doesn't fulfill my initial request of users not having to log in to view data. I would prefer that the web interface was available to anyone without logging in, except if they want to edit data or view the audit trail.

    0
    Comment actions Permalink
  • Avatar
    Irena Nikolova

    +1

    If the tool doesn't keep any "secrets" there should be a read-only page visible by everybody.

    Agree that edits should require a login, but this is quite an overhead for a quick read-only check.

    0
    Comment actions Permalink
  • Avatar
    Raj Jalan

    Hi,

    Unfortunately, we can't provide a way to login without authentication at this time. We do have a method where  users can automatically login based on a hash based token passed via a web service. If you interested in using that method, please reach out to us at support@device42.com.

    Regards,

    Raj

     

    0
    Comment actions Permalink
  • Avatar
    Jens Bech Madsen

    I appreciate the suggestion, but it really isn't what I am looking for. I want to be able to email people a link to a device so they can easily see the info they need. I don't want to force people to jump through hoops just to get contact info for a device.

    The problem is that if it isn't easy enough, people don't use the tool.

     

    0
    Comment actions Permalink
  • Avatar
    Raj Jalan

    While there are no plans to add no-auth login to the app, we have added option to add notes on the login page in v7.1.0: http://blog.device42.com/2015/06/enhanced-custom-fields-console-server-auto-discovery-support-for-variable-width-devices-and-devices-outside-the-rack-in-v7-1-0/

    With that you can add instructions for users on how to do a default login etc.

     

    0
    Comment actions Permalink
  • Avatar
    Irena Nikolova

    Hi Raj,

    What is required to review the above again?
    Currently getting data from IPAM requires multiple manual steps (login to IPAM, download CSV, extract data etc).

    Can this be simplified?

     

    Thanks,

    Irena

     

    0
    Comment actions Permalink
  • Avatar
    Raj Jalan

    Hi Irena,

    Same as before - no plan to allow un-authenticated login. Perhaps you can grab the data via report that can be emailed to you automatically or via the APIs.

    Thanks,

    Raj

    0
    Comment actions Permalink

Please sign in to leave a comment.