web application integration with .NET application
Dear Experts
We have CRM which is web application on a LAMP stack deployed on premise, the external users can access this application via 2FA, the 2FA solution that we have used is Duo Security (where CRM application uses Duo Access gateway and Duo Access Gateway use Windows AD for authentication).
As We could not achieve advanced Reporitng though CRM application hence we went for custom development using .NET. This takes csv output from CRM and generates the expected reports.
We have to integrate these 2 applications and based on feasibility between 2 application implementers understood in the CRM application they will provide link of .NET application when click on it, this will open up the new tab of the Reporitng server from here the reports are fetched. CRM login user and reporting system login user will be same they will use the tokens for each user but the .net implementer says static token once in few days this can be changed.
Suggestion /advice requested.
From IT point of view: CRM server URL is published to public/internet but reporting server URL is not published for public/internet, in this case when external user access the CRM application via 2FA and then click on advanced reporting will it resolve the reporting server URL (for the external user who has already gained access of CRM application please suggest). I think it is not possible please suggest.
Please help me with best way to ensure the security and reporting server URL also accessible for the external users once they already accessed CRM and click for Reporting server URL (will publish Reporitng server to public/internet but if someone steals the URL) as .NET implementer says static token integration with CRM application, if this URL is leaked then other can access the Reporitng server.)
Please suggest the best practice. Thanks in advance.
We have CRM which is web application on a LAMP stack deployed on premise, the external users can access this application via 2FA, the 2FA solution that we have used is Duo Security (where CRM application uses Duo Access gateway and Duo Access Gateway use Windows AD for authentication).
As We could not achieve advanced Reporitng though CRM application hence we went for custom development using .NET. This takes csv output from CRM and generates the expected reports.
We have to integrate these 2 applications and based on feasibility between 2 application implementers understood in the CRM application they will provide link of .NET application when click on it, this will open up the new tab of the Reporitng server from here the reports are fetched. CRM login user and reporting system login user will be same they will use the tokens for each user but the .net implementer says static token once in few days this can be changed.
Suggestion /advice requested.
From IT point of view: CRM server URL is published to public/internet but reporting server URL is not published for public/internet, in this case when external user access the CRM application via 2FA and then click on advanced reporting will it resolve the reporting server URL (for the external user who has already gained access of CRM application please suggest). I think it is not possible please suggest.
Please help me with best way to ensure the security and reporting server URL also accessible for the external users once they already accessed CRM and click for Reporting server URL (will publish Reporitng server to public/internet but if someone steals the URL) as .NET implementer says static token integration with CRM application, if this URL is leaked then other can access the Reporitng server.)
Please suggest the best practice. Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How big is the issue of external users accessing the CRM and reporting? Do you need a solution for 2 users or for a 1000 users?
How big is the security concern?
How big is your budget?
Your method of managing authentication is lame, but it works inside your network.
The most obvious way is to make the reporting service available to external users is to fool the system into thinking that they are still on the internal network, by using a VPN.
Only users with a valid VPN connection will be able to access the reporting server.
The alternative to a VPN is to use a Zero trust service.
Luminate
Akamai EAA
Cloudflare Access
Zscaler
How big is the security concern?
How big is your budget?
Your method of managing authentication is lame, but it works inside your network.
The most obvious way is to make the reporting service available to external users is to fool the system into thinking that they are still on the internal network, by using a VPN.
Only users with a valid VPN connection will be able to access the reporting server.
The alternative to a VPN is to use a Zero trust service.
Luminate
Akamai EAA
Cloudflare Access
Zscaler
Normally what you're describing is handled already by all CMS or CRM platforms.
In other words, until a person logs in, they can't access any content or reporting URLs or any system functions.
Once logged in, the role management system inside the CMS/CRM will allow access to various URLs.
In other words, until a person logs in, they can't access any content or reporting URLs or any system functions.
Once logged in, the role management system inside the CMS/CRM will allow access to various URLs.
Oh... Maybe you've written a CRM from scratch (shudder) + that's why your asking these questions.
Mention the exact CRM you're using or if you've written custom code from scratch.
This will help with next round of answers to your question.
Mention the exact CRM you're using or if you've written custom code from scratch.
This will help with next round of answers to your question.
ASKER
Thanks for the reply, we use sugar crm and use duo security for 2 levels of authentication the design as follows
1. configuried sugar crm to use the Duo Access Gateway and the Duo Access Gateway to use AD
2, having an authentication source that Duo Access Gateway can use is the requirement
3.Duo access gateway on DMZ
as we found limitations on sugar reports hence custom developed on .net and c sharp and MSSQL now , now I am looking for single sign on when users login to sugarcrm they should also get access to .net application. please suggest.
1. configuried sugar crm to use the Duo Access Gateway and the Duo Access Gateway to use AD
2, having an authentication source that Duo Access Gateway can use is the requirement
3.Duo access gateway on DMZ
as we found limitations on sugar reports hence custom developed on .net and c sharp and MSSQL now , now I am looking for single sign on when users login to sugarcrm they should also get access to .net application. please suggest.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER