...
Types of supported environments
From network point of view
- public cloud
- common TDS
- dedicated TDS
- private cloud
- dedicated TDS
From AD/ADFS authentication integration point of view
- AD/ADFS disabled -
- everyone has TDS account and is authenticated only using TDS ldap credentials
- AD/ADFS enabled - everyone
- everyone has TDS account and can be authenticated using TDS ldap credentials
- everyone has TDS account and can be authenticated using company AD/ADFS credentials
From users origin point of view
Two users categories are distinguished:
- AD users - users with AD account (usually employees, but very often also subcontractors)
- can use
- AD or/and ADFS
- if enabled
- can use TDS ldap credentials
- non AD users - users without AD account (usually subcontractors)
- cannot use AD nor ADFS
- must use TDS ldap credentials
From users origin combination point of view
When both AD users and non AD users are present in TDS, we are talking about hybrid environment:
- standard TDS
- either AD/ADFS is enabled AND all users are AD users
- or AD/ADFS is disabled (TDS does not care whether users have or do not have AD accounts as there is no integration)
- hybrid TDS
- AD/ADFS is enabled AND some non AD users are present
Provisioning capabilities
...
Provisioning capabilities suitable for various types of environments
- public cloud
common TDS
AD/ADFS disabled- all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar)
invitations- sign-up
- CSV import.
AD/ADFS enabled- not possible
- dedicated TDS
- AD/ADFS disabled disabled - all all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar).
AD enabled- not possible- invitations
- sign-up
- CSV import
- ADFS enabled - only CSV import is available due to security related limitations to avoid usernames collision and similar. It does not matter whether users have or do not have AD account, in public cloud we would not be able to control users that are invited or signed-up, thus we would not be able to prevent security issues caused by potential users accounts collisions
invitations- sign-up
- CSV import
- AD/ADFS disabled disabled - all all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar).
- private cloud
- dedicated TDS
- both AD + ADFS disabled - all all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar).
- invitations
- sign-up
- CSV import
- AD + ADFS enabled enabled (ADFS does not matter) AND only AD users are present - all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is AD integration which TDS invitations or signup functionality uses to read username+email+FirstName+LastName (NOT password!).
- invitations
- sign-up
- CSV import
- AD + ADFS enabled - all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar).ADFS enabled enabled (ADFS does not matter) AND some non AD users are present - only CSV import is available due to security related limitations to avoid usernames collision and similar.
- both AD + ADFS disabled - all all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar).
- dedicated TDS
Authorisation capabilities
Authentication capabilities
...
- invitations
- sign-up
- CSV import
Authentication capabilities
- public cloud
- common TDS
- TDS ldap
- ADFS
- dedicated TDS
- TDS ldap
- ADFS
- common TDS
- private cloud
- dedicated TDS
- TDS ldap
- ADFS
- AD
- dedicated TDS
Authorisation capabilities
AD groups- not available in TDS- TDS project oriented users and roles management