LDAP SAML Active Directory Account Federation single sign on in the Cloud – Update

LDAP SAML Active Directory Account Federation single sign on in the Cloud – Update

Back in May we blogged about some new promising updates coming to Incident Tracker that focus on Account Management.  In particular, how to implement a federated solution for Cloud customers, so that Incident Tracker customers using the software in the cloud could leverage their existing in house Directory Services.

With this in mind the goal was to allow for either a same or single sign on experience, one log in for all of the customers’ business apps.  To that end the Incident Tracker team has been busy adding three new account management options scheduled for release this quarter.  Those options are windows-based Single Sign On (with Azure Portal and Office365 support) SAML compliance (including Azure portal hooks) and our own LDAP query tool which closely mimics SAML in functionality, but geared at customers who haven’t made the leap to SAML and want something with little setup needed.

First let me talk about SAML.  Incident Tracker version 15 (soon to be released) will support SAML 2.0 (Wikipedia reference).  This now means that a customer running SAML for single sign on can leverage that against Incident Tracker.  Running SAML doesn’t prohibit creating non SAML accounts either, so you will have the flexibility of running a mixed mode environment with some native Incident Tracker accounts and some SAML based accounts.  The process is seamless and the accounts are still ubiquitous throughout the application, users won’t know the difference, other than not needing to know a different password.

Because of the growth of Azure, we also support the behind the scenes linking to an Azure portal page that trusts the Incident Tracker cloud domain to certify SAML tokens.  So in the end a private SAML setup or a more cloud-based Azure setup will be compatible with the Incident Tracker account federation approach.  Even Azure stack should work natively.

Now, if SAML is something you haven’t adopted yet but you would still like the flexibility and power of federating accounts between Incident Tracker Cloud and your private user database, Incident Tracker v 15 offers a solution, we call this LDAP Query.

LDAP Query mimics the functionality of SAML with very minimal configuration (which an Incident Tracker technician can do for you).  The main difference is that this approach is a same sign on rather than single.  You still use your Active Directory account to log in, as an example, rather than the zero step process of opening the app and having it trust a token.  A log in is required.  Some customers actually prefer this method because it does require this authentication factor to be completed manually.

Lastly we are in the beginning stages of testing and supporting certain OWIN based Single Sign On solutions, such as what you might see in an Azure Portal with Azure AD and Office365 accounts.  This is still being tested but is working live already for a corporate customer in their Azure enterprise environment.  How well this will port into the Incident Tracker Cloud environment is yet to be seen, but we are optimistic.

With so many account management options available now we are closing ground on providing a full incident management solution for customers looking for a hosted, non-hosted, hybrid or emerging enterprise hosted platform that integrates with off-site accounts.

We are excited about providing these new options to you.  In the upcoming version 15 update there are other new features being added.  User accounts can be temporarily disabled, Executed Workflows can be set to attach a copy of the Report being evaluated during the submission on an email alert, headers can be applied to Reports now (customer logo and disclaimer text), the Report PDF Generation process has been improved and most notably “Groups” are being added to allow site admins to manage users rights and restriction by group membership rather than just individually (there are future plans to sync these Groups with your own user database Groups).  Executive Reports can now be automatically distributed that capture key performance indicators and much more.

As always we hope you find these upgrades a welcome addition to the software, they come largely from your requests.  We also have a new support site coming online at http://support.incident-tracker.com.  So please keep the feedback coming.

As always best regards from the Incident Tracker Team.