Cross domains

By cross-domains, we mean a set of external systems that are linked and share, for example, the same permissions.

A typical example of a cross-domains group might be the linking of multiple domains in MS Active Directory. In this case, we can have several AD domains that share groups with each other. That is, within one AD domain it is possible to assign users to groups from another AD domain. The groups are thus shared across the entire group of domains (cross-domains). From the end user's perspective, the systems thus appear to have the same set of groups.

The goal of cross-domains in CzechIdM is to connect systems as described in the example above and to simulate the same property, i.e. that an individual group can be assigned on any system in the same cross-domain group.

A user in CzechIdM can assign a role to all systems in the cross-domain group or to only one of them.

To properly use cross-domains in CzechIdM, we need three basic things:

  1. Create systems that connect to the systems in each domain.
  2. Configure the cross-domain group of systems.
  3. Create and configure no-login cross-domain roles.
  • by tomiskar