You need
to create an Access Control system in your .NET or PowerBuilder applications.
Your organization already manages Active Directory Accounts.
So you wonder if you can re-use AD accounts for the authentication
phase, and add a permissions system.
This would imply significant development.
First you would have to develop, implement and maintain a
permission system. Then you would have to code in order to
manage the integration of Active Directory into your system.
Or you could use Visual Guard for PowerBuilder: it provides
a ready-to-use solution for authentication, permissions and
audit. You can reuse Active Directory authentication to enter
PowerBuilder applications and then use Visual Guard permission
features to create, modify and manage permissions.
Visual Guard offers powerful features such as:
Users will sign in to PowerBuilder applications with their Windows accounts
With Visual Guard for PowerBuilder, you can use Active Directory accounts to authenticate users and define which account can access each PowerBuilder application.
When a user tries to enter the application, Visual Guard asks for his credentials, checks the user identity with Active Directory and lets the user access the application if he was authorized to.
Users start the application and get authenticated silently.
Visual Guard offers a ready-to-use Single Sign-on solution for PowerBuilder Applications:
Define what a user can do within the application
With Visual Guard for PowerBuilder,
you can grant roles and permissions to Active Directory accounts.
As a result, you define what each user can do within the application
(which data they can access, which controls they can use etc.).
Users Permissions are automatically enforced after authentication.
Visual Guard offers the possibility to define such roles and permissions without
writing code in your application.
You would do that in a few clicks within Visual Guard Administration
console.
Manage Permissions at Group Level
With Visual Guard, you can define a hierarchy of user groups, for instance replicating the hierarchical structure of your organization.
You will grant access rights to groups and place users in Windows groups. This way, you no longer need to manage permissions for individual user. A user can belong to one or several groups.
Depending on your architecture, you may NOT want to use Active Directory accounts. Visual Guard can manage its own user accounts (created and stored within Visual Guard). You can also reuse existing user accounts such as Facebook, Google, etc.
Visual Guard allows
you to implement mixed mode authentication:
In some cases, you need to have mixed mode Authentication.
For example both the employees and the customers access your
applications. Visual Guard allows you to manage mixed mode
authentication. You could use Active Directory/Windows accounts
to authenticate Employees, and application accounts to authenticate
customers.
Another possibility is to implement Single Sign-On on the desktops of your end users, and to have one or a few desktops available to everyone. On these particular machines, you want to stop Single Sign-on process and to have everyone entering his/her credentials to access the applications. Visual Guard for PowerBuilder enables you to have this kind of “kiosk” desktop, even if you use Single Sign-on on all other machines.