Being well aware of the dangers of post-it note passwords, we decided to do a little research on how to accomplish the goal. We found it was possible with a simple plugin and a little work by one of our Senior Systems Engineers, Jim Allen. The plugin we found used RADIUS authentication as a means to grant access to the registered area of the website. The user, as long as they were already a part of the (Windows Active Directory) domain, was able to login to the site with their current credentials. Then the account was automatically created and assigned privileges. This means that a user who had not yet logged in to the website no longer needed to register on the site before logging in. AND there was no longer a need to configure a separate (site specific) password. Instead, they could login to the site with their current email address and domain password from anywhere with an Internet connection. Best of all it is all done securely, because the entire authentication occurs via encrypted communications.

Here's how it works...When a new user logs in, the plugin talks to an Active Directory Domain Controller to determine if this is a valid account. If so, the user is created within the site automatically and assigned the default permissions and site access which are configured for non-administrative users. If the user is not part of the domain, then the plugin interfaces with the website's current database instead and grants access depending on the assigned group. If the user is not found in either database the website redirects the new user to the registration page, where a non-domain user can be created.

One application of this plugin would be for the mid-sized business that would like to utilize their website to communicate with their employees via a safe environment. This plugin saves administrative time creating accounts, managing and resetting passwords. Website authentication corresponds to the domain login information. Although this functionality might not be required for all companies, those who utilize Active Directory (or another RADIUS capable LDAP authentication method) within their enterprise could benefit greatly, saving both time and money.

Note: If you would like more information about our CMS System and RADIUS Authentication, This e-mail address is being protected from spambots. You need JavaScript enabled to view it