Intro
TDS has multiple ways of users authentication, authorisation and provisioning. Possibilities depend combination on customer requirements and TDS capabilities.
Types of supported environments
From network point of view
- public cloud
- common TDS
- dedicated TDS
- private cloud
- dedicated TDS
From AD/ADFS authentication integration point of view
- AD/ADFS disabled - everyone has TDS account and is authenticated only using TDS ldap credentials
- AD/ADFS enabled - everyone has TDS account and can be authenticated using TDS ldap credentials OR company AD/ADFS credentials
From users origin point of view
- employees - for which AD or/and ADFS can be enabled
- externals - AD nor ADFS cannot be used
Provisioning capabilities
General provisioning capabilities
- invitations
- colleagues or leaders can send invitations to people not present in platform, invited users must validate their email address, then they can enter their credentials or their credentials are read from AD if present
- sign-up
- users can create accounts by themselves - first they must validate their email address, then they can enter their credentials or their credentials are read from AD if present
- recommended for
- for platform with AD users only without any externals (currently or in future)
- for platform without AD connection
- it is NOT recommended
- in hybrid environments when AD users and NON AD users should be working in platform as users without AD account can create usernames as they wish and that can lead to conflict with current or potential future AD users leading to security issue
- CSV import
- currently requests must be raised via standard support channels as this functionality is available for TDS support ONLY (we are working on possibility to provide this to customer area admins and owners)
- recommended for
- hybrid environments when AD users and NON AD users should be working in platform - it gives customer key users (customer area admins/owners) full control over users that are joining platform
Provisioning capabilities suitable for various types of environments
- public cloud
- common TDS
- AD/ADFS disabled - all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar).
AD/ADFS enabled- not possible
- dedicated TDS
- AD/ADFS disabled - all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar).
AD enabled- not possible- ADFS enabled - only CSV import is available due to security related limitations to avoid usernames collision and similar.
- common TDS
- private cloud
- dedicated TDS
- AD + ADFS disabled - all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar).
- AD + ADFS enabled - all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is AD integration which TDS invitations or signup functionality uses to read username+email+FirstName+LastName (NOT password!).
- AD + ADFS enabled - all provisioning options are available - invitations + signup + CSV import. This is thanks to the fact that there is no ADFS nor AD integration. That means freedom in usernames, thus no security related limitations are present (to avoid usernames collision and similar).
- ADFS enabled - only CSV import is available due to security related limitations to avoid usernames collision and similar.
- dedicated TDS