EmilS
Posted September 24, 2020

Hi.

I'm trying to design a solution with the following properties:

- Manage accounts in a local AD - i.e. password change and account unlock/lock on check out/check in of passwords
- Passwordstate users coming from another (Azure) AD - and not managed locally in Passwordstate

Is this possible to achieve? I imagine doing SAML auth for Passwordstate users and regular AD integration for the "protected" accounts.

And how is this licensed? Since there will be no locally created users in Passwordstate?

support
Posted September 24, 2020

Hello EmilS,

With our SAML Authentication, you still need to have "matching" accounts in Passwordstate - they don't need to be AD Accounts, and instead you can create Local Accounts. I've provided a screenshot below for this.

And with your SAML Configuration, you need to select which field you want to match against back in Passwordstate, once the SAML Authentication completes successfully i.e. UserID or EmailAddress - most customers pick EmailAddress.

As you want a mixture of AD Accounts and Local Accounts in Passwordstate, you may need to use SAML Authentication for all of them. The only way to work around this is to disable 'Anonymous' Authentication for the site in IIS, and then use a User Account Policy (in the Admin area), to specify a different Auth option for the AD Users.

Archived
This topic is now archived and is closed to further replies.