Figuring out auth

Hey all,

We need to figure out some sort of auth system that doesn’t suck. Basically, the requirements that I can think of are:

  • Hooks into Jira (ideally only for admin users)
    • We’re currently in an awkward place with Jira auth, aiui.
  • Hooks into Jenkins
  • Able to use http auth with nginx
    • Plan to use this for Consul, etc.

And a few non-requirements, but things I would like:

  • VictorOps SSO (not rolled out yet, but should be in January) (Want)
  • Cross-server authentication (Really want)
  • IAM integration (Not sure if it’s possible, but if it is, really want)

Thoughts? I’m currently thinking something LDAP-compliant is probably the best plan, but open to suggestions.


The AWS Active Directory thing I sent you seems like a good option.
Community Ops isn’t really in a good place to be reinventing the wheel, or even putting together a wheel, when it comes to auth. If we can just use AWS’s thing, with an LDAP gateway of some sort, that may be ideal.
Otherwise, I’d go for some other directory like Crowd.
You know, as for Jira, why don’t we set up a directory (like AWS AD) and let anybody create an account with that directory by default? JIRA could act as our user management for all of our infrastructure.


I think DS is the best option, unless we wanted to do something like JumpCloud. I’m not sure about the idea of letting everyone sign up, because frankly, they don’t need to have an account to access all this stuff. I’d prefer to have us manually create the accounts, at least now.

You know, JumpCloud just might be cheaper right now. I don’t know if that’ll be the case in the future, but for 1-10 users they’re free, past that it’s $10/mo ($7/mo if paid annually). DS is $38/mo for a small, which does up to 50 users.

So at 14 users we’d be paying more.
We definitely have a use case for more than 14 users.

You’re right. 11 users doesn’t give us much room to expand. I’ve been playing around a bit with DS but not enough to have formed any opinions on it. Will do more playing tomorrow probably.

Are they equal besides cost? Cost shouldn’t be the primary factor for discussion, not until functionality has been thoroughly considered.

JumpCloud would probably be a lot easier to set up.

What about Dropbox or Box.com, as I am guessing JumpCloud is for PC?

I use Dropbox and OneDrive myself.

No, it’s directory services. They accomplish totally different things.

Can we not just use qauth 2 or try Active Directory or OpenLDAP?

I’m not sure what Qauth is, and OpenLDAP isn’t my first choice, because I don’t know a lot about LDAP, but that’s what I’m currently trying.

David Weir wrote:

At this point I’m thinking Crowd may be our best bet.