Delphix Products

 View Only
  • 1.  Windows Active Directory Groups for User Access

    Posted 11-16-2022 12:26:00 PM
    Hello, for all of the self-service options for provisioned VDBs, is it possible to use Windows AD groups to grant the necessary Delphix permissions to our Developers/Programmers/Analysts? We have LDAP setup, but right now it looks like we can only use individual domain accounts, not Windows AD Groups.

    ------------------------------
    Chris Patton
    Database Adminstrator, Sr
    CalOptima
    ------------------------------


  • 2.  RE: Windows Active Directory Groups for User Access
    Best Answer

    Posted 11-16-2022 07:36:00 PM
    Hi Chris,

    Great question! This is something that we are focused on delivering via Data Control Tower (DCT). DCT can be considered as the self-hosted management platform for Delphix much like vCenter for VMware. This means that DCT serves as the single integration point for all automation across a broad ecosystem of Delphix engines as well as a control point for administrators. A current project with DCT is to deliver a global Access Control system that will tightly govern access to all Delphix objects (dSources, VDBs, Masking Jobs, etc.) coupled with granular permissions. With this system, our plan is to provide an AD group integration so that administrators like yourself can identify hierarchical structures/attributes in your AD that you'd like to associate with groups of users in this system such that the membership of that group is tied to user designations in AD. 

    For example, you create an access group in DCT and assign VDBs associated with a particular application. You can then designate that applications' dev teams' AD attribute to the access group. DCT will then populate the Access Group with the appropriate set of users and will update the membership in real time based on any changes made in AD (e.g. a user moving to a different team, onboarding/offboarding, etc.). Happy to discuss this further if you're interested in a deeper conversation!






    ------------------------------
    Ross Millenacker
    Senior Product Manager
    Delphix
    ------------------------------



  • 3.  RE: Windows Active Directory Groups for User Access

    Posted 11-17-2022 08:33:00 AM
    Thank you for that info, Ross. Definitely something to look forward to. Regarding a solution more immediate, I did receive the info below from our engagement tech from Delphix as well:

    "Hi Chris, 

    There is a way to use AD groups but you would require an IDP like Azure AD. Do you guys have any ? Otherwise you only use username. 

    Hope this helps. 

    Regards, "

    I know we currently have Azure AD setup. I think it is synched with our on-prem AD. Might you have any supporting documentation on how to use this IDP integration now?

    ------------------------------
    Chris Patton
    Database Adminstrator, Sr
    CalOptima
    ------------------------------