Identity and access management components used in GÉANT eduTEAMS are not an exception. Thus they rely on custom connectors to deliver authorization data to managed services, usually utilizing standardized protocols like SSH or LDAP. Although this solution is not technically ideal, it works for most services operated on Unix-based operating systems. For services operated on Windows OS, there might be a problem to transfer the required data to the machines unless the service itself has an API for that, which is not always the case. To overcome this obstacle, CESNET and Masaryk University piloted a simple connector for provisioning data to services hosted on Windows OS. The connector uses SSH as a data transfer protocol, which is currently supported by the latest Windows OS. SSH runs Powershell script on a destination which is customized for managed service, and its responsibility is to configure the service with provisioned identity and access control information. This topic is related to Instant User Provisioning and Deprovisioning. Where possible, technical synergies shall be identified to the benefit of both solutions. |