|
password reset with ad synced users requires atleast a P1 license because self service password reset (the main way passwords get changed via azure ad) is an extra license cause of loving course it is. I think you can also have it write back devices from MDM to on prem, but yeah gently caress user/group writeback. AADC seems to be pretty nice from what ive used of it. the transform rules worked for what i needed them to do.
|
#
?
Jul 26, 2022 20:49
|
|
|
|
| # ? May 26, 2024 14:06 |
|
|
AADC is really good and solid because it's built on the legacy of FIM/MIM which are really good and solid identity management systems but get super complicated very quickly the moment you integrate another system and/or write your own integration plugins. AADC avoids all that ofc because it only has to deal with AAD and on-prem AD, easy mode.
|
|
#
?
Jul 26, 2022 20:59
|
|
|
yeah i like the internal design with the metaverse or w/e. makes it easy to understand how its doing things when troubleshooting
|
|
#
?
Jul 26, 2022 21:01
|
|
|
earlier this year they tried to make me support some turbo-hosed on-prem FIM/MIM solution which was syncing between 3 AD domains, 4 SAP environments and 2 salesforce environments, allll relying on custom poo poo. i told them to eat poo poo basically. it's wild FIM/MIM unconstrained is pure hosed but when you lock it own you get AADC which owns.
|
|
#
?
Jul 26, 2022 21:20
|
|
|
AD -> Azure AD -> everyone else via saml/oidc/wsfed w/ SCIM if needed (even tho scim is poo poo)
|
|
#
?
Jul 26, 2022 21:25
|
|
|
Shaggar posted:AD -> Azure AD -> everyone else via saml/oidc/wsfed w/ SCIM if needed (even tho scim is poo poo) shaggar was right
|
|
#
?
Jul 26, 2022 21:28
|
|
|
also if your federation implementation doesnt allow users to be created/updated during token login then its poo poo and you need to redesign it. i should never have to create or update a user out of band.
|
|
#
?
Jul 26, 2022 21:31
|
|
|
Shaggar posted:also if your federation implementation doesnt allow users to be created/updated during token login then its poo poo and you need to redesign it. i should never have to create or update a user out of band. that’s what your application admin is for
|
|
#
?
Jul 26, 2022 21:33
|
|
|
Shaggar posted:AD -> Azure AD -> everyone else via saml/oidc/wsfed w/ SCIM if needed (even tho scim is poo poo) this is 1000% correct and if anyone says otherwise they work for SAP/IBM/consultants.
|
|
#
?
Jul 26, 2022 21:42
|
|
|
Pile Of Garbage posted:SAP->AD->SAP->AD->Salesforce->SAP->AD). 
|
|
#
?
Jul 26, 2022 21:54
|
|
|
Captain Foo posted:that’s what your application admin is for if i can provide all the attributes necessary for user creation in the security token at sign in i expect the user to be created from those attributes at sign in.
|
|
#
?
Jul 26, 2022 22:05
|
|
|
and im talking about tertiary systems like salesforce, sap, or whatever dumb bullshit the HR people got scammed into buying this week. actual important stuff like ad/azure ad is different
|
|
#
?
Jul 26, 2022 22:06
|
|
|
oh, one of my favorite other things about AADC is that if you want to do single sign on using windows auth to azure AD they got rid of the requirement of using ADFS by spinning up a VM in azure and joining it to your domain for the purposes of trust and windows auth lol.
|
|
#
?
Jul 26, 2022 22:09
|
|
|
Shaggar posted:if i can provide all the attributes necessary for user creation in the security token at sign in i expect the user to be created from those attributes at sign in. more applications in my experience than not don’t do provision on first use
|
|
#
?
Jul 27, 2022 14:49
|
|
|
i know and it really annoys me
|
|
#
?
Jul 27, 2022 15:37
|
|
|
ours has a fun trick where a user whose first login is over vpn gets told to frig off, because people who don't have a corresponding AD account can't open vpn sessions, and you can't be authenticated if the machine doesn't have a cached credential it can check -- so even if you're issued a laptop you physically have to go into the office to activate it, which is fine by me because it's another chance to do 100% id verification, see the client's pass, check their clearance and make sure they have a working pki token
|
|
#
?
Jul 28, 2022 18:13
|
|
|
also apparently that "no vpn without a valid AD account" bug/feature extends to disabled accounts too, which we learned by accident when someone did something stupid in a no-stupid zone we locked his account, corrections were made, and after we re-enabled him he still couldn't open a VPN, because you need an enabled account to do that and the locally cached version insisted the account wasn't active 
|
|
#
?
Jul 28, 2022 18:19
|
|
|
hey what’s a good ssd to get these days. I’m looking for 2 TB and probably PCIe 4, unless there’s a reason PCIe 4 is a bad deal. I’ve historically always bought Kingston for flash memory, are they still good? any other good brands?
|
|
#
?
Jul 29, 2022 20:09
|
|
|
Silver Alicorn posted:hey what’s a good ssd to get these days. I’m looking for 2 TB and probably PCIe 4, unless there’s a reason PCIe 4 is a bad deal. I’ve historically always bought Kingston for flash memory, are they still good? any other good brands? Kingston SSD's aren't bad per sé but not the brand to get I think. Samsung EVO is the best price/performance, but the current model (970 Evo plus) is PCIe 3 not 4, so if that really matters to you the 980 Pro is the best. Other good SSD brands are Intel and Western Digital (WD Black).
|
|
#
?
Jul 29, 2022 20:27
|
|
|
is there a practical difference between a super fast nvme ssd and an even faster nvme ssd for desktop use
|
|
#
?
Jul 29, 2022 21:47
|
|
|
I’m not just doing regular desktop use. I’m a gamer
|
|
#
?
Jul 29, 2022 22:46
|
|
|
Silver Alicorn posted:I’m not just doing regular desktop use. I’m a gamer 
|
|
#
?
Jul 29, 2022 22:48
|
|
|
|
|
#
?
Jul 29, 2022 22:48
|
|
|
spankmeister posted:Kingston SSD's aren't bad per sé but not the brand to get I think. the evo 980 pro is pcie gen 4.
|
|
#
?
Jul 29, 2022 22:53
|
|
|
I’m just leery of buying sarnsung but I’ll think about it
|
|
#
?
Jul 29, 2022 23:22
|
|
|
i run sarn 980 pros for all my important drives and they're incredibly fast and good. tier2 is wd blacks, i have 3 of those in my linux box and they also seem to do it nicely, though they're gen3 do. not. buy. sabrent. i got burned by them really hard
|
|
#
?
Jul 29, 2022 23:25
|
|
|
Shaggar posted:the evo 980 pro is pcie gen 4. yes that's what I said
|
|
#
?
Jul 30, 2022 00:13
|
|
|
Silver Alicorn posted:I’m just leery of buying sarnsung but I’ll think about it they're the best ssd op
|
|
#
?
Jul 30, 2022 00:14
|
|
|
i thought samsung was considered overpriced these days
|
|
#
?
Jul 30, 2022 00:39
|
|
|
feels like a component that you don’t wanna skimp on like you’re not just paying for performance, hopefully also reliability
|
|
#
?
Jul 30, 2022 00:53
|
|
|
understood, op this is the only thing I’ll buy from Samsung as far as I know. only stuff that can’t connect to the internet on its own and spy on me. kinda funny that I trust a hard drive not to spy on me but here we are
|
|
#
?
Jul 30, 2022 02:15
|
|
|
i've always though samsung to be a proper chaebol, where the various divisions are their own silos i always figured storage and screens were different entities, especially since samsung was battling with apple on design similarities while apple was orders stacks of components for iphones
|
|
#
?
Jul 30, 2022 02:30
|
|
|
oh yeah I don't buy anything from samsung except ssd's, gently caress their phones and tv's.
|
|
#
?
Jul 30, 2022 06:15
|
|
|
I leave their phones and tvs alone, loving then seems a little bit ott in todays culture
|
|
#
?
Jul 30, 2022 08:14
|
|
|
i gently caress my sarnsung and cum in it
|
|
#
?
Jul 30, 2022 10:04
|
|
|
this phone is fine, as is my sabrent drive for the moment, but I fully expect to be left in the cold when it does fail because their support is garbo the WD/Samsung decision is made by waiting for one of them to go on sale, because they are both good
|
|
#
?
Jul 31, 2022 14:17
|
|
|
is there a good usb bluetooth adapter my "targus" thing disconnects all the time
|
|
#
?
Aug 16, 2022 13:19
|
|
|
cowboy beepboop posted:is there a good usb bluetooth adapter I have a tp-link one from amazon and it's okay.
|
|
#
?
Aug 16, 2022 15:14
|
|
|
I picked it specifically because it's not a no-name brand
|
|
#
?
Aug 16, 2022 15:22
|
|
|
|
| # ? May 26, 2024 14:06 |
|
|
market opportunity: Bluetooth audio adapter that just presents as a usb audio adapter so you don’t have to deal with windows terrible Bluetooth implementation
|
|
#
?
Aug 16, 2022 17:45
|
|