How to quickly and easily integrate with Active Directory

Active Directory is used by most of our customers, so the need to integrate with it comes up in almost every project. So that teams do not have to solve this problem from scratch each time, True Engineering developers have built a service that can be embedded ready-made in other products. Here we share our experience.





Every product has users, and their information has to be managed somehow: creating accounts, saving passwords, adding users to groups, and so on. User data is stored in Active Directory, so developers of new products need to build a connection to this service, define all the necessary processes, and take care of security.





We have now automated this part of the work in a separate microservice, AReS (from Account Registration Service). It can add new users to AD, send them emails with registration information, and remind them to set a password. It is a self-contained component and can be copied into almost any product.





Process architecture

When a user logs into the system, their data goes to RabbitMQ, where AReS picks it up. The package contains all the information needed to create an account:





  • username,
  • email address,
  • the groups the user belongs to,
  • the mailings the user receives.





AReS transfers this data to Active Directory, or rather to the Active Directory Management Service microservice. The information is saved in the database, after which the user only needs to create a password.
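
The following added example is not AReS code: it shows how a consumer could validate the registration package taken from RabbitMQ before anything is written to Active Directory, so that a forged or malformed message cannot request arbitrary group membership or smuggle line breaks into the registration email. The JSON field names, the allow-lists and the username policy are assumptions, since the article does not publish the message format.

```python
import json
import re

# Assumed field names and policy; the article does not publish the message schema.
FIELDS = {"username", "email", "groups", "mailings"}
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,20}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
ALLOWED_GROUPS = {"portal-users", "newsletter-readers"}   # hypothetical self-service groups
ALLOWED_MAILINGS = {"product-news", "maintenance"}        # hypothetical mailing lists

class RejectedMessage(ValueError):
    """Raised when a queued registration request must not reach AD."""

def _subset(name, value, allowed):
    # Lists must contain only strings from the allow-list; duplicates are dropped.
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise RejectedMessage(f"{name}: expected a list of strings")
    extra = set(value) - allowed
    if extra:
        raise RejectedMessage(f"{name}: not allowed: {sorted(extra)}")
    return sorted(set(value))

def validate_registration(raw: bytes) -> dict:
    """Parse one queue message body and return a normalized request, or raise."""
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedMessage(f"malformed body: {exc}") from None
    if not isinstance(msg, dict) or set(msg) != FIELDS:
        raise RejectedMessage("unexpected or missing fields")
    username, email = msg["username"], msg["email"]
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise RejectedMessage("username: invalid characters or length")
    # fullmatch also rejects CR/LF, which matters because the address ends up in an email.
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        raise RejectedMessage("email: invalid address")
    return {
        "username": username.lower(),
        "email": email,
        "groups": _subset("groups", msg["groups"], ALLOWED_GROUPS),
        "mailings": _subset("mailings", msg["mailings"], ALLOWED_MAILINGS),
    }

# Constructed sample bodies, as a consumer would receive them from the queue.
GOOD = b'{"username": "J.Doe", "email": "j.doe@example.com", "groups": ["portal-users"], "mailings": []}'
BAD = b'{"username": "j.doe", "email": "j.doe@example.com", "groups": ["Domain Admins"], "mailings": []}'
```

A consumer would acknowledge and process only messages for which `validate_registration` returns, and route rejected ones to a dead-letter queue for review.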





AReS , . , . , , . – 13 . , AD .

MailService. , , .

  : , Active Directory, , .

, AReS . , – . , , - . , , , , . .

– AReS Rabbit, , AD. : , , .

– .

AReS , . , MailService.

– True Engineering . , , . , , MailService .





We also want to expand the possibilities for working with AD itself. AD lets you manage not only user accounts but also their workstations. You can restrict groups of employees to specific computers, for example so that no one can log in to the CEO's laptop. The same applies to cash registers, terminals, and other devices that require logging in through AD. Our module will help embed the rules for working with them into product logic so that administrators do not have to configure them separately.







