Possible to create a user account without domain in ALM?

Tags:

Question ID: 108322

Hello,
We are wanting to create a user profile/service account without having it authenticate through our current Domain Authentication process for our Service Desk to be able to access ALM. Is this even possible & how would we accomplish this if possible?

Thanks,
Homer

Marked as spam

Posted by homerj (Questions: 379, Answers: 35)

Asked on April 27, 2018 10:07 pm

28 views

Answers (1)

▲

▼

✔

Private answer

Hi Homer,

Are you using LDAP/Active Directory Authentication or QC Authentication (since you said Domain authorization I am going to assume not QC Authentication) ? If I deduced correctly, unfortunately with the design of ALM, it is an either or type of Authentication principal. If you are using LDAP or Active Directory to authenticate the users then all accounts must authenticate through the same means (which it appears as though this is how you are authenticating). If you are using ''QC Authentication'', which is the native authentication and uses the ALM built in listing to authenticate and not utilizing your third party user listing as with LDAP or Active Directory then you should be able to accomplish what you are desiring. ALM has no mixed mode capability so if you wish to create a general Site Admin account for any one with the credentials to authenticate into the system using LDAP or Active Directory to authenticate, then your only option would be to make a Service specific account within your LDAP or Active Directory that you could then add to the users list to allow anyone with those specific credential information to be able to authenticate into the site admin portion of the application. It would not be a highly recommended option to pursue as anyone can then get into the site admin that has that information and make changes without authorization and there would be no tracking of who were to make the changes, just that the said account did so. This could allow for lots of unapproved modifications, additions, deletions, etc without knowledge by the actual authorized qc admin. Also you would have a harder security control over the account since anyone with the password could make adverse changes as they saw fit and if employees were removed from access or the company if they had knowledge of the credentials they could make changes until the password was changed and everyone involved notified (this would make it more of a security risk and not advised to do).

I hope this makes sense but the answer is dependent on the authentication method used and creating such account can be a security risk in the future should too many know the password and thus is not recommended.

Dan

Marked as spam