I could use some advise on how to best implement SSO for a multi-tenant app. I have a legacy aspnetboilerplate application (react frontend) that is currently on version 5.1 of the framework which I believe is 3 major versions behind.
The app now wants to use SSO for at least one of the tenants that has thousands of users. So the options I'm trying to consider are:
A. Update the aspnetboilerplate to the latest version then setup idententity server.
B. Port the application to ABP.IO commercial and then use the SSO implementation in that framework. The application is relatively small so porting from aspnetboilerplate react to abp.io angular is doable but I don't want to add any unnecessary risk.
A few questions:
If the tenant in question is using ADFS does one of these approaches provide better integration?
I know aspnetboilerplate has tables for Organizational Units but I assume all of the management would have to be custom built. I believe ABP.io may already have functionality to use ADFS Organizational Units. I guess in my ideal configuration we could setup Organizational Units in ADFS to group the users. If ABP.IO Keeps that in sync then we should be able to setup roles and permissions for users of the Organizational units. That way new users just get created in ADFS, put into a group and then they inherit the correct permissions in the app.
Any thoughts, suggestions, questions?
3 Answer(s)
-
0
Hi, We recommend you migrate to
abp.iocommercial. but you need to consider the time cost.Option A can save a lot of time.
I believe ABP.io may already have functionality to use ADFS Organizational Units
As I know, There is no such function yet
-
0
Do any of the SSO options for ABP.IO support Organizational Units?
This is probably going to be a rather large project whether we go with option A or B. Can you provide any other details that can help in making this decision, it's an important an challenging decision so I'd like to consider as much as possible before starting.
-
0
Hi,
Do any of the SSO options for ABP.IO support Organizational Units?
Could you explain in detail? thanks.
This is probably going to be a rather large project whether we go with option A or B
You can choose not to upgrade, I think the current version also supports SSO
