In large enterprises it is typical that software is not solely done by the organization itself, but with the help of subcontractors. When using outside workforce, enterprises generally want to restrict the visibility and access of subcontractors only to projects they are working on. In addition to project access, subcontractors need access to other tools in the development environments such as continuous integration servers, issue trackers, testing environments to name a few.
Centralized access management is typically handled through corporate LDAP or Active Directory, but what if you need to isolate the development ecosystem from the corporate environment because of security constraints? And what if you want to delegate control of access rights to the development organization instead of letting centralized IT support to handle it?
Deveo has centralized authentication solution baked into our platform that helps to manage credentials for the entire development ecosystem. All tools supporting LDAP authentication can be configured to use Deveo LDAP API as authentication source. Using the centralized authentication solution all access management in the development environment can be set up and maintained from one place and control of access rights can be delegated to those who really set them up in the first place. The picture below shows an development ecosystem that consists of multiple subcontractors and various tools:
Setting up and managing the environment consists of user and group management as well as tool configuration. I will go through the essential parts below, how the development environment can be set up, managed and maintained.
1. Managing users
Using Deveo, users can be managed via multiple methods. In this example, Deveo programmable API is used to create, update and remove users. A simple script parsing a text file and calling the Rest API is used as the “tool” of choice. User maintenance can be done periodically with cron or similar scheduler in order to add new users and prune unused ones. This guarantees that only those who need access to development tools, have it.
2. Managing groups
When necessary user accounts are in Deveo, groups can be created in order to control permissions to other tools more fine-grained. The same synchronization script used in user management automatically adds users to their base groups based on to which subcontractor they work for. However as there can be multiple projects under one subcontractor and in some projects subcontractors collaborate, more fine-grained permissions are needed.
Groups created through Deveo web interface are exposed as LDAP groups. The beauty of it is, that you can hide groups from people who don't need to see them. If a group is set as private in Deveo, only people who are part of the group (as well as company administrators) can access them both through Deveo web interface or LDAP.
3. Configuring the tools
Once access management rights are set up in Deveo, we can configure tools to use them. As most tools today support standard LDAP or Active Directory based authentication, the configuration of the tools is seamless and efficient. The beauty here is that development teams can set up their own tools, while still enjoying the benefits of easy configuration and having authentication related matters configured centrally.
Using Deveo as central hub for software production brings multiple benefits. Introducing an isolated development environment from the corporate and other environments keeps your IPRs and source code safe. Having access management related matters delegated to those who actually manage them them makes workflows more efficient and seamless. Automating user management removes tedious manual labor.
How is your corporate development environment set up? If you would like to know more how Deveo could benefit your software development organization, lets setup a call and discuss. We are more than happy to discuss how we could enhance your software production.