Re: Single realm versus multiple realms

after1_ · ‎01-21-2012

Im creating a sign-in page and I have 2 option:

1. Create multiple realms and let users select a realm from the drop-down list before signing in.

2. Create a single realm (which won't show in the sign-in page). I'm using active directory LDAP and using expression to identify the user.

Which method are you using or recommend? I found option 2 take longer to authenticate, is it because I'm using 'expression' to identify the users?

RKB_ · ‎01-24-2012

Displaying / selecting realms has nothing to do with quering backed LDAP server, should not cause a delay.

If you have a requirement where users must select a realm before authenticating then option 1 is good.

Else you can also create multiple sign-in pages and assign individual realm to the sign in page, users will then need to hith the right sign-in URL.

zanyterp_ · ‎04-10-2012

whichever works best for you and the specific realm you are configuring. i have seen instances where option 1 is used, others with option 2, and sites that do both, depending on the user need.

Frostie_ · ‎04-11-2012

In my eyes that depends on how the users work with the SA.
A rough guideline for me is....

Are there users which has to alternately login to differnet realm?
=> Sign-In Page/URL with Realm Selection.
This would make it easier for the users to switch between the realms

Are the majority of the users login to one specific realm?
=> Sign-In Page/URL with single realm for that users.
This reduces the number of users which could choose the wrong realm => Reduced work for the helpdesk :-)

Do you have multiple realms for the users, but each users always only login to one of this realms?
=> Sign-In Page/URL for each realm.
In my experience it seems to be easier for a user to distinguish between URLs rather than realms.
So telling him he has to go to "mycorp.com/sales" to login is easier than telling him to go to "mycorp.com/login"
and choose the "sales" realm.

Are there technical reasons for multiple domains (e.g. users has to choose the domain he wants to login in)
=> Try to find a solution to accomplish this with a single realm.
According to Murphys Law the effort for this is considerably lower than to explain the user which realm to choose

RexPGP_ · ‎04-12-2012

your LDAP AUTh make sure you have search nest groups in server cat. not all nested groups.

Sonic Boom_ · ‎04-16-2012

in my setups i have done sign in to one realm for my main users, (corporate). and vendors i would give them a /vendor realm, i would also place a link for MAC users to go to /mac on the default sign in page under the disclosure, (remember the sign in page accepts HTML), this way the only users that needed to know a seperate link are vendors, all the rest go to the site and get what they need from there. just a thought.

SonicBoom_ · ‎04-16-2012

sorry about the user name, i am not a new user, it was just being merged as i posted a reply

zanyterp_ · ‎04-18-2012

This is probably the cleanest way to give different options for users who may need something than the default; you can even opt to give out only the default and then let users choose where they want to go from there based on link(s) you post on the system.