I have a timecard database that is hosted on a local in-house server in San Francisco and which is regularly accessed from the 30 local staff in the SF office. Users get authenticated into the database with Windows Active Directory, ensuring then that they access only their own time records. My company wants to push the system out to the remainder of the organization (180 staff total across 9 US offices). To add to the complication, they would like access from home and mobile devices - none of which is set up yet.
I am aware that I could build a layer for logging into a access portal with scripted creation of accounts in all the related databases, but I have been reluctant to go down this path, fearing becoming involved with the administration of user's accounts.
I wondered if anyone had successfully implemented being able to authenticate into a hosted database from a SSO provider as this (at least in my imagination), would potentially do much the same as AD and hence alleviate me from having 180 separate accounts. It looks as if LDAP might be a contender (our Saas SSO provider (One Login) supports this), but I cannot figure out how to implement this. Any advice would be very much welcomed. Thanks Alan