If the people are on a trsuted domain, how about using integrated login. That way people don't need to know their ID, they just login to the network as usual and run the app. Failing that, if you have an LDAP server with peoples details on, you could authenticate to that.
You don't have to use user id- you could rename people so that their NAME details use some other field contents such as email address. The trick would then be knowing how to import these users as some might want to use an email address and some their current ID. So ideally you'd switch everyone to using the new format. A bit of scripting work should enable you to bulk rename people if thats the route.
Hi Dave, thanks for the reply. Unfortunately we support 10 different customers all of which have a varied mix of infrastructure with different levels of accuracy (Novell, AD etc) so trying to implement integrated login would be an absolute nightmare and I know that our customers wouldn't stump up the readies for any such work. We've tried on many occassions to obtain up to date user information and it is like trying to get blood out of a stone (and I'm not convinced half of them actually know!). We have almost 50,000 end users on our database when all 10 customers employ approximately 33,000 and we have to run a script to try and stop this getting totally out of hand as most of our customers don't inform us when a user leaves.
However, our customers still want us to be able to perform miracles. All of the customers want us to increase security and some are quite particular in how we achieve this (I'm all for switching the whole lot over to email but other customers are opposing this).
So, to satisfy all my customers I need to be able to choose which method is used based on which customer an end user works for (which is identified at level 1 of a location category). If it can't be done then we'll have to get one group to shift but at least I can go to them and say I tried.
1 of 1 people found this helpful
Tricky. I'd consider a usage charge and maybe using different instances to divide up those that insist on things being done a particualr way. Appropriate charges might influence peoples decisions :-) Some of the new stuff in 7.4 on partitioning might be of significant interest [hint]
Just to update really, We upgraded to 7.4 last summer and implemented two 'sites as now in 7.4 each site has its own config file and you can configure one for explicit login and the other for integrated login. Set the integrated as default but add a failover in iis for a 401.1 error to redirect to explicit. Happy days
Did you then have to import an additional user account for each person, with email address mapped to the [tps_user[.[tps_name] attribute?
And if there is now an additional account for each user, did you create a "link" between the two accounts? Does whoever maintains the database still consider this a "success?"