As we’ve mentioned before here on our blog, a key part of the App47 model is our ability to customize the last 5% (roughly) of the product to better meet our customers’ needs.
That looks different for every customer, of course. For some, it’s meant tweaking the enterprise app store to look a little different, and for others, it’s meant altering the onboarding process slightly to better fit the needs of the organization. Whatever the tweak, the key is that these slight alterations we make for one customer often end up being useful to our other customers.
That’s the case today with a new feature making its way through our development process as we speak: this client has unique onboarding needs that require something a little more sophisticated than regular-ol’ AD integration.
When we started working with this customer, the onboarding conversation began as it normally does, with a focus on Active Directory integration. That’s the approach the client took in their initial rollout. Since they’ve gotten more people on board, they’ve grown more interested in a solution that’s better tailored to the multiple constituencies they need to service at once.
One request for the new onboarding process was Single Sign-On, which we already offer and were able to loop in quite easily. Another was SAML 2.0 integration, which was an easy add and provides a secure path for users to authenticate and onboard their devices. Where things got interesting is their request for group synchronization, which is exactly what’s coming down the pipe.
Typically, when clients service multiple constituencies that all have different access and app requirements, those users belong to various groups, and when they’re authenticated via SSO, they’re assigned to a group and given access accordingly. App47 handles this by pulling AD info every few hours to ensure groups are current, and adding or removing access each time that sync happens. This can require clunky firewall configurations and, often, security exceptions, which aren’t the end of the world, but aren’t exactly ideal, either.
In response to this client’s particular needs, we’re working up a way to sync groups and users on the fly. As users are authenticated (either in initial onboarding or in a session renewal), they’ll be matched to a current running list of groups, and added or removed accordingly. This way, groups are synchronized and current every time an individual logs in, which is especially helpful when you’re dealing with a large number of folks who may move back and forth between different groups on a regular basis.
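The login-time reconciliation described above, as an added example that is not App47's code. It assumes the SAML library has already validated the assertion (signature, audience, validity window) and exposes its attributes as a dict; the attribute name `groups`, the `User` class and the sample group names are hypothetical.

```python
from dataclasses import dataclass, field

GROUP_ATTR = "groups"  # assumed attribute name; defined by the IdP configuration


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)


def sync_groups_on_login(user, attributes, synced_groups):
    """Reconcile one user's memberships against a validated login assertion.

    attributes:    attribute dict taken from an already-validated assertion.
    synced_groups: the platform's running list of IdP-managed groups.
    Returns (added, removed) so the change can be written to an audit log.
    """
    if GROUP_ATTR not in attributes:
        # A missing attribute is not the same as an empty group list. Raise so
        # the caller can reject the login instead of keeping stale access.
        raise ValueError("assertion carries no group attribute")

    known = {g.casefold(): g for g in synced_groups}
    asserted = set()
    for value in attributes[GROUP_ATTR]:
        match = known.get(value.strip().casefold())
        if match is not None:  # unknown names are ignored, never auto-created
            asserted.add(match)

    managed_now = user.groups & set(synced_groups)
    added = asserted - managed_now
    removed = managed_now - asserted  # locally assigned groups stay untouched
    user.groups = (user.groups - removed) | added
    return added, removed


# Constructed sample data
SYNCED = {"Sales", "Field-Techs", "Contractors"}

if __name__ == "__main__":
    alice = User("alice", {"Sales", "Beta-Testers"})  # Beta-Testers is local-only
    print(sync_groups_on_login(alice, {GROUP_ATTR: ["field-techs", "Admins"]}, SYNCED))
    print(sorted(alice.groups))
```

An explicitly empty group list removes every synced membership, while memberships outside the synced list are left for local administration.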
Continuous sync may not seem like a big upgrade, but it’s a convenient, quick, and secure way to make sure that user groups are current each and every time someone logs in. We look forward to implementing this new feature and will provide updates on our blog as it comes to fruition.