Central User Management via the Cosmino LDAP Interface
By Matthias Kohlbrand
As more and more software is used in companies, the effort required to maintain the countless user accounts of the individual systems also increases. This often involves more than just creating accounts for new users and removing them in good time when an employee leaves the company or area of application. Many systems, including Cosmino software, provide users with individual permission settings to restrict read and write access to specific functions. This is quite reasonable, as the Cosmino software is used by a larger group of people with different functions and responsibilities.
In order to maintain users for Cosmino and the numerous other software programs only once and to provide them with authorizations, a central user database is recommended, such as Microsoft Active Directory. Using a so-called LDAP interface (Lightweight Directory Access Protocol), the respective software, e.g. Cosmino, then checks the logged-in user via the directory service of the central user database and queries the authorization settings. As a result, the additional administration of users and their authorizations is no longer required in the individual software programs; this is done centrally once for all programs – and thus makes user administration more time-saving and secure.
Since the end of 2022, Cosmino MES, PDA and MDA have been prepared for central user management, and a corresponding LDAP interface is available. If this function is used, the logged-in user including authorization can be checked via LDAP and the central directory service and transferred to Cosmino. The settings for this must be mapped once to the Cosmino authorization groups in advance. This one-time effort is worthwhile because it avoids unwanted system access and multiple maintenance of users and passwords.
This solution can be usefully combined with "single sign-on". It allows a user to access all computers and services for which he or she is authorized after a one-time authentication at a Work Center. Once the user changes Work Center, however, the authentication becomes invalid. Single sign-on also requires an additional browser plug-in at each Work Center where Cosmino is used. An alternative is to save the login data in cookies (selection "Stay logged in") when logging in for the first time. This likewise eliminates the need to enter username and password, at least until the cookies are deleted.
The Cosmino service team will be pleased to assist you in implementing user management with the new Cosmino LDAP interface.