Hi there,
In our project, we enabled the active directory authentication.
I have two challenges right now:
1 - I need to block the login entirely if the user trying to login is not a member of any of the 5 predefined groups. Is it possible to do this via configuration?
2 - Is there also a way to disable automatic group creation when a new user logs in? I only want to keep my 5 groups that should be using the application.
Thanks in advance.
Active Directory block login
Search
-
gschijndel
- Posts: 373
- Joined: Tue Jan 15, 2019 3:12 pm
Re: Active Directory block login
Take a look at the topic: Windows AD Authentication - User Names with Spaces
You could derive your own authentication class from 'OaAuthMethodAD' and overwrite the result of 'OaAuthMethodAD::isUserVerified' with additional checks to block logins (since 3.17).
Blocking the logins might also prevent the automatic group creation, otherwise overwrite the result of 'OaAuthMethodAD::getExternalIdForGroup' with an empty string to prevent the group creation.
You could derive your own authentication class from 'OaAuthMethodAD' and overwrite the result of 'OaAuthMethodAD::isUserVerified' with additional checks to block logins (since 3.17).
Blocking the logins might also prevent the automatic group creation, otherwise overwrite the result of 'OaAuthMethodAD::getExternalIdForGroup' with an empty string to prevent the group creation.