cancel
Showing results for 
Search instead for 
Did you mean: 

Single realm versus multiple realms

Contributor

Single realm versus multiple realms

Im creating a sign-in page and I have 2 option:

1. Create multiple realms and let users select a realm from the drop-down list before signing in.

2. Create a single realm (which won't show in the sign-in page). I'm using active directory LDAP and using expression to identify the user.

Which method are you using or recommend? I found option 2 take longer to authenticate, is it because I'm using 'expression' to identify the users?
7 REPLIES 7
Highlighted
Frequent Contributor

Re: Single realm versus multiple realms

Displaying / selecting realms has nothing to do with quering backed LDAP server, should not cause a delay.

If you have a requirement where users must select a realm before authenticating then option 1 is good.

Else you can also create multiple sign-in pages and assign individual realm to the sign in page, users will then need to hith the right sign-in URL.

Respected Contributor

Re: Single realm versus multiple realms

whichever works best for you and the specific realm you are configuring. i have seen instances where option 1 is used, others with option 2, and sites that do both, depending on the user need.

Contributor

Re: Single realm versus multiple realms

In my eyes that depends on how the users work with the SA.
A rough guideline for me is....

Are there users which has to alternately login to differnet realm?
=> Sign-In Page/URL with Realm Selection.
This would make it easier for the users to switch between the realms


Are the majority of the users login to one specific realm?
=> Sign-In Page/URL with single realm for that users.
This reduces the number of users which could choose the wrong realm => Reduced work for the helpdesk :-)


Do you have multiple realms for the users, but each users always only login to one of this realms?
=> Sign-In Page/URL for each realm.
In my experience it seems to be easier for a user to distinguish between URLs rather than realms.
So telling him he has to go to "mycorp.com/sales" to login is easier than telling him to go to "mycorp.com/login"
and choose the "sales" realm.


Are there technical reasons for multiple domains (e.g. users has to choose the domain he wants to login in)
=> Try to find a solution to accomplish this with a single realm.
According to Murphys Law the effort for this is considerably lower than to explain the user which realm to choose Smiley Very Happy

Frequent Contributor

Re: Single realm versus multiple realms

your LDAP AUTh make sure you have search nest groups in server cat. not all nested groups.

Not applicable

Re: Single realm versus multiple realms

in my setups i have done sign in to one realm for my main users, (corporate). and vendors i would give them a /vendor realm, i would also place a link for MAC users to go to /mac on the default sign in page under the disclosure, (remember the sign in page accepts HTML), this way the only users that needed to know a seperate link are vendors, all the rest go to the site and get what they need from there. just a thought.

Regular Contributor

Re: Single realm versus multiple realms

sorry about the user name, i am not a new user, it was just being merged as i posted a reply
Respected Contributor

Re: Single realm versus multiple realms

This is probably the cleanest way to give different options for users who may need something than the default; you can even opt to give out only the default and then let users choose where they want to go from there based on link(s) you post on the system.