Introduction
In today’s enterprise IT landscape, seamless and secure authentication is crucial. Lightbits is proud to introduce Federated Authentication support via Active Directory Federation Services (ADFS), available as a Technology Preview (v3.11.1). This feature aims to transform how users and applications interact with Lightbits clusters.
Please note that this capability is a tech preview and should only be enabled, used, and evaluated in non-production systems.
Why ADFS Integration Matters
Federated Authentication allows organizations to leverage their existing identity provider (IdP) infrastructure, eliminating the need for managing separate local users on the Lightbits system. This integration brings several key benefits:
- Simplified User and Group Management: Utilize your existing Active Directory groups for access control.
- Enhanced Security: Leverage your organization’s established security policies and multi-factor authentication.
- Seamless User Experience: Enable single sign-on (SSO) capabilities for your team.
- Flexible Application Integration: Support for both user and application authentication flows.
Key Features of Lightbits ADFS Integration
Lightbits ADFS integration includes support for two primary OAuth 2.0 grant flows:
- Device Authorization Flow: Ideal for users interacting directly with the Lightbits cluster via the CLI.
- Client Credentials Flow: Perfect for applications and scripts leveraging Lightbits’ REST API (which can be reviewed in the Lightbits administration guide).
Getting Started with ADFS Integration
Setting up ADFS integration involves a few straightforward steps:
- Enable the Feature: Currently, this is done via a feature flag.
- Configure IdP Settings: Provide details about your ADFS server.
- Set Up Client Configurations: Define the client IDs and authorization modes.
- Map AD Groups to Lightbits Cluster Roles: Create a mapping between your AD groups and Lightbits scopes/roles.
- Create a local configuration file on the client machine (for CLI users).
You can find step-by-step instructions on how to enable ADFS authentication here.
Client Authentication in Action
Take the Next Step
Ready to streamline your authentication process? As we’ve explored, Lightbits’ new ADFS integration feature offers a powerful way to leverage your existing identity infrastructure while enhancing security and user experience.
Although currently in Technology Preview, this feature is ready for evaluation in your non-production environment, offering you a unique opportunity to shape its development. By starting your evaluation today, you’ll be at the forefront of implementing simplified, secure authentication for your Lightbits clusters.
Try it out and reach out to us or join our Slack community if you have questions or suggestions.