View access without logging inCompleted
I would like to give all employees of our company access to read the info in D42 without logging in. Edits should require login, but it would be very useful to not have to log in when you just need to check the location of a server or something similar.
We have no secret information in the system, so we don't need to have read access limited.
All, SSO support is finally here: http://www.device42.com/blog/2017/07/single-sign-on-support-with-saml-2-0-in-v13-6-0/
We have on our list to add AD group sync that is either semi or fully automated. That way it will be easier to add users to an Active Directory Group and they will automatically have pre-defined permissions in Device42. I think that will solve your issue of having extra login for all employees. I will update this thread once we start working on that.
If we can also get single sign on working in the appliance, then I think it is a great solution. My intention is to avoid that users have to log in to just view info. But if SSO works and it automatically syncs with AD, then that sounds like the best possible solution.0
To enable view access for an Active Directory group, please follow the steps outlined below. Note that following requires v5.5.7 and above, as we added Save group sync and system generated groups : http://blog.device42.com/2014/01/system-generated-permission-groups-and-better-adldap-integration-with-v5-5-7/
Enable AD integration if not already done so
Save your active directory settings from Tools > Settings > Active Directory Settings, if not already done so.
Create an AD group for view access users
Create a group(e.g. D42ReadOnly) in Active Directory & add all users you want to have read only permissions. Please note that Device42 can't do recursive search, so members have to belong directly to this group.
AD Group Sync in Device42
Head over to Tools > Admin & Permissions > AD group sync and sync the group members with "System generated Read Only" Group. Shown in images above and below. You can save this group, so any further additions to AD group can be synced quickly.
This will add any new users(that don't already exist in Device42) to Device42 with read-only permissions.
Adding any subsequent users
If you add any users to the AD group, you can head back to Tools > Admin & Permissions > AD group sync and choose the saved DN to quickly add the new users0
While having AD integrated logins is great, it still doesn't fulfill my initial request of users not having to log in to view data. I would prefer that the web interface was available to anyone without logging in, except if they want to edit data or view the audit trail.0
If the tool doesn't keep any "secrets" there should be a read-only page visible by everybody.
Agree that edits should require a login, but this is quite an overhead for a quick read-only check.0
Unfortunately, we can't provide a way to login without authentication at this time. We do have a method where users can automatically login based on a hash based token passed via a web service. If you interested in using that method, please reach out to us at firstname.lastname@example.org.
I appreciate the suggestion, but it really isn't what I am looking for. I want to be able to email people a link to a device so they can easily see the info they need. I don't want to force people to jump through hoops just to get contact info for a device.
The problem is that if it isn't easy enough, people don't use the tool.0
While there are no plans to add no-auth login to the app, we have added option to add notes on the login page in v7.1.0: http://blog.device42.com/2015/06/enhanced-custom-fields-console-server-auto-discovery-support-for-variable-width-devices-and-devices-outside-the-rack-in-v7-1-0/
With that you can add instructions for users on how to do a default login etc.0
What is required to review the above again?
Currently getting data from IPAM requires multiple manual steps (login to IPAM, download CSV, extract data etc).
Can this be simplified?
Same as before - no plan to allow un-authenticated login. Perhaps you can grab the data via report that can be emailed to you automatically or via the APIs.
Please sign in to leave a comment.