We have acquired a Talent Management Cloud (SaaS) software service and we are considering a solution to implement Single Sign-On (SSO) against Active Directory.
The SSO implementation guide provided by the service provider assumes that SSO will only work if the user is logged in to the network domain and has opened the browser from inside the work network.
But this solution is not good. This means that when the user needs to access the software from outside the work network, he will have to either log in using a VPN or use the Username/Password defined in the software's User Admin section, which is different from the credentials defined in Active Directory. In both cases, it is a pain.
So, we are considering the following solution to remove the dependency on the software-specific authentication, and also to avoid the need to start a VPN.
The solution we are considering is as follows:
1. Develop the main Login Page using ASP.NET and host it using our own resources. This way we will not use the main login page of the service.
2. Implement the SSO following the guide provided by the implementation consultant, and integrate the developed Login Page with the SSO logic.
3. The Login Page/SSO should authenticate the user using the credentials retrieved from the browser if the web page is opened from within the company network.
4. If the web page is opened from outside the company network (public internet), it should automatically display Username/Password fields with a "Login" button to authenticate against Active Directory. In this case, the user will enter his Windows Username/Password and click "Login", which will authenticate against Active Directory and trigger the SSO logic to log in to the service.
Based on my technical knowledge, the above is possible in theory, but I have not tried it yet.
I would like to know if the above solution can be implemented and if it is technically possible.
Tarek.
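The following is an added example, not code from the original post, the vendor or the implementation consultant, showing how steps 1 to 4 above fit into a single ASP.NET MVC controller: the source address decides which challenge the browser gets, the internal path takes the Windows identity IIS negotiated (Kerberos/NTLM), the external path validates the submitted Windows credentials against the domain with System.DirectoryServices.AccountManagement, and both paths hand the same canonical identity (the UPN) to the SSO logic. Everything not in the post is an assumption: the domain name corp.example.com, the InternalRanges list, and the ISsoHandoff interface, which stands in for whatever the vendor's guide generates (typically a signed SAML or WS-Federation response) once the user is authenticated.

```csharp
// Added example (not the poster's or the vendor's code). Assumptions: ASP.NET MVC 5 on IIS,
// the site is HTTPS only, the AD domain is corp.example.com, InternalRanges lists the real
// corporate address space, and ISsoHandoff wraps whatever the vendor's SSO guide generates
// once a user is authenticated.
using System;
using System.DirectoryServices.AccountManagement;
using System.Net;
using System.Net.Sockets;
using System.Security.Principal;
using System.Web.Mvc;

// Hypothetical boundary to the vendor's SSO logic (step 2 of the post).
public interface ISsoHandoff
{
    ActionResult Complete(Controller controller, string userPrincipalName);
}

public class SsoLoginController : Controller
{
    private const string Domain = "corp.example.com"; // assumed AD domain
    private readonly ISsoHandoff _sso;

    public SsoLoginController(ISsoHandoff sso) { _sso = sso; }

    // Assumed internal address space (network, prefix length); replace with the real ranges.
    private static readonly (IPAddress Net, int Prefix)[] InternalRanges =
    {
        (IPAddress.Parse("10.0.0.0"), 8),
        (IPAddress.Parse("192.168.0.0"), 16),
    };

    // Entry point (Anonymous + Windows auth both enabled in IIS, so no challenge is sent yet).
    [AllowAnonymous, HttpGet]
    public ActionResult Index()
    {
        // Decide on the TCP peer address. X-Forwarded-For is client-controlled unless a
        // trusted reverse proxy overwrites it, so it is deliberately not consulted here.
        if (IsInternal(Request.UserHostAddress))
            return RedirectToAction("WindowsLogin");
        return View("Form"); // username/password form for public-internet clients (step 4)
    }

    // Internal path (step 3). In web.config this URL must have Anonymous disabled and Windows
    // authentication enabled (<location path="SsoLogin/WindowsLogin">), so IIS makes the
    // browser negotiate Kerberos/NTLM before this action runs.
    [HttpGet]
    public ActionResult WindowsLogin()
    {
        var win = User.Identity as WindowsIdentity;
        if (win == null || !win.IsAuthenticated || win.IsAnonymous)
            return new HttpUnauthorizedResult();
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        {
            // Map the SID to the same canonical UPN the form path produces.
            string upn = UpnOf(UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, win.User.Value));
            return upn == null ? new HttpUnauthorizedResult() : _sso.Complete(this, upn);
        }
    }

    // External path (step 4): validate the submitted Windows credentials against the domain.
    [AllowAnonymous, HttpPost, ValidateAntiForgeryToken]
    public ActionResult Index(string username, string password)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return View("Form");
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        {
            // ValidateCredentials performs a real bind, so the domain lockout policy applies
            // to every guess; put per-source throttling in front of this endpoint so an
            // internet-facing form does not become a password-spraying oracle for AD.
            if (!ctx.ValidateCredentials(username, password, ContextOptions.Negotiate))
            {
                ModelState.AddModelError("", "Invalid username or password.");
                return View("Form");
            }
            // Accepts sAMAccountName, DOMAIN\user or UPN; normalise to the UPN.
            string upn = UpnOf(UserPrincipal.FindByIdentity(ctx, username));
            return upn == null ? (ActionResult)View("Form") : _sso.Complete(this, upn);
        }
    }

    private static string UpnOf(UserPrincipal user)
    {
        if (user == null) return null;
        using (user) return user.Enabled == false ? null : user.UserPrincipalName;
    }

    private static bool IsInternal(string remoteAddr)
    {
        if (!IPAddress.TryParse(remoteAddr, out IPAddress ip)) return false;
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();
        if (ip.AddressFamily != AddressFamily.InterNetwork) return false;
        uint addr = ToUInt32(ip);
        foreach (var (net, prefix) in InternalRanges)
        {
            uint mask = prefix == 0 ? 0u : 0xFFFFFFFFu << (32 - prefix);
            if ((addr & mask) == (ToUInt32(net) & mask)) return true;
        }
        return false;
    }

    private static uint ToUInt32(IPAddress ip)
    {
        byte[] b = ip.GetAddressBytes(); // network byte order
        return ((uint)b[0] << 24) | ((uint)b[1] << 16) | ((uint)b[2] << 8) | b[3];
    }
}
```

Two points worth checking before deploying something like this. The source-address test only chooses which challenge to send; it authenticates nothing, and an internal client that fails Kerberos/NTLM simply gets a 401 rather than a silent fallback to the form. And the external path turns the login page into an internet-reachable front end for Active Directory passwords, so it needs the same protections an exposed AD endpoint would: HTTPS only, anti-forgery tokens, rate limiting or lockout that does not let an attacker lock out arbitrary domain accounts, and ideally a second factor.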