Using v 8.1.1. I have my One Identity install in one domain and all my users have AD accounts in another (synced) domain and there is no trust between them. I was thinking of putting the Web Portal in the untrusted domain where all the users are so that the users can Authenticate to the Web Portal with their credentials from that domain. (Just putting the untrusted user domain in the Authentication Domains config parameter doesn't work). I think this may work but one requirement that is likely to cause problem is that the users need to be in the SQL Role basegroup. Since the domains are untrusted, the web portal users cannot be put into this role. This got me thinking how the oauth authenticator would work then when the accounts aren't in the domain either so how can they be in the basegroup role? Will putting the web portal in a different domain for authentication purposes work?
- Products
- View all products
- Free trials
- Privileged Access Management
- Overview
- PAM Essentials
- Safeguard
- Safeguard On Demand
- Safeguard for Privileged Analytics
- Safeguard for Privileged Passwords
- Safeguard for Privileged Sessions
- Safeguard Remote Access
-
Endpoint Privilege Management
- Privilege Manager for Windows
- Privilege Manager for Unix
- Safeguard Authentication Services
- Safeguard for Sudo
- Access Management
- Identity Governance and Administration
- Active Directory Management
- Log Management
- Solutions
- Resources
- Trials
- Support
- Partners
- Communities