I’m working on an XP site hosted on Enonic Cloud that I would like to connect to a company Active Directory for user authentication (and possibly authorisation). The company IT dept are naturally hesitant to expose the LDAP externally, so I’m looking into my options.
Does anyone have experience with a similar issue running XP on an external cloud? One option is to set up a VPN tunnel from the Enonic instance to the company network, and use the LDAP plugin from Enonic Market, I guess. Another option is perhaps connection through some ADFS setup, which I understand might be less problematic to expose externally from the company network?
Also, would a typical setup be that there is a semi-constant sync of users from AD to local Enonic XP users, creating new ones as soon as they are added to AD? I’d also prefer to enrich the XP user profiles with roles and other metadata once they are set up, and that syncing users doesn’t overwrite these settings.
I must admit I have very limited experience with AD and login options from external sites. If anyone has experience with this and is willing to point me in the right direction, I’d be very grateful!