Active Directory and Single Sign On for external websites

The issue I am running into is that a company has about 6 external websites that have a generic username and password that they are continuously having to change if an employee leaves or gets fired. They are wanting me to install a server with Active Directory so that when a user logs on with their credentials, it passes the logon information for the external websites to a browser and bypasses them having to hand out the credentials to every Joe that comes and goes from the company. That way if the employee is no longer a valid user, we just disable him in AD and he cannot gain access to the external websites/internal network. This is my first go with Single Sign On situations, any help/advice is greatly appreciated.
Josh Garrett (Nerd) Asked:

bbao (IT Consultant) Commented:
where are the external sites located? hosted somewhere on the internet that is totally separated from your corporate LAN?
0
Josh Garrett (Nerd, Author) Commented:
Yes, completely external and in no way affiliated with the company.
0
bbao (IT Consultant) Commented:
are the external websites IIS based or on any non-Windows OS?
0
Josh Garrett (Nerd, Author) Commented:
That's something I would have to research and get back on.
0
bbao (IT Consultant) Commented:
we need to know that as it is essential for you to find the right solution.

say the external sites are IIS based and running on Windows servers, it is technically possible to seamlessly integrate them with the existing domain over the Internet via VPN.

if the sites are Apache based on a Linux distribution, it is technically possible to deploy a Radius or LDAP server in the corporate network (DMZ preferred), and configure or develop the web applications to authenticate using the directory services on the Internet (via VPN preferred).
0
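An added example, not written by anyone in this thread: a sketch of the account-state check an LDAP-backed web application could apply so that disabling a user in AD also cuts off access to the site. It assumes the application has already fetched the user's `userAccountControl` and `accountExpires` attributes; the sample entries and the `access_decision` and `filetime_to_datetime` helpers are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

UAC_ACCOUNTDISABLE = 0x0002                 # userAccountControl bit: account is disabled
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)     # accountExpires values meaning "never"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample entries, shaped like attributes an LDAP search would return.
SAMPLE_DIRECTORY = {
    "alice": {"userAccountControl": "512", "accountExpires": "0"},
    "bob": {"userAccountControl": "514", "accountExpires": "0"},  # 512 | 2: disabled
    "carol": {"userAccountControl": "512",
              "accountExpires": "132223104000000000"},            # 2020-01-01 UTC
    "dave": {"accountExpires": "0"},                               # attribute missing
}


def filetime_to_datetime(filetime):
    """Convert 100 ns intervals since 1601-01-01 UTC into an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def access_decision(entry, now):
    """Return (allowed, reason) for one directory entry, failing closed."""
    if entry is None:
        return False, "unknown user"
    try:
        uac = int(entry["userAccountControl"])
        expires = int(entry.get("accountExpires", "0"))
        if uac & UAC_ACCOUNTDISABLE:
            return False, "account disabled"
        if expires not in NEVER_EXPIRES and filetime_to_datetime(expires) <= now:
            return False, "account expired"
    except (KeyError, ValueError, OverflowError):
        # Missing, non-numeric or out-of-range attributes deny access.
        return False, "unreadable account attributes"
    return True, "ok"


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name in ("alice", "bob", "carol", "dave", "mallory"):
        print(name, access_decision(SAMPLE_DIRECTORY.get(name), now))
```

Running the check on every request or session refresh, rather than only at login, is what makes a disable in AD take effect for users who are already signed in.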
Josh Garrett (Nerd, Author) Commented:
I will work on that this week, it's going to be fun trying to get all entities together for such an accomplishment. Will report back as soon as I can get more info.
0
Muhammad Mulla (Systems Administrator) Commented:
If they are externally hosted services run by someone else, it will be worth checking what types of single sign on they support.

Depending on the software, you may need to use SAML, ADFS or something based on Certificates.
0
Josh Garrett (Nerd, Author) Commented:
Client decided to go with Microsoft 365/Azure hosted as a solution instead of bringing a server in house.
0
Josh Garrett (Nerd, Author) Commented:
Thanks for the assistance guys.
0