Hacker News new | ask | show | jobs
by xorcist 542 days ago
Why do think that? I did something similar at a previous work for something bordering on 1k employees.

User administration was done by modifying a yaml file in git. Nothing bad to say about it really. It sure beats point-and-click Active Directory any day of the week. Commit log handy for audits.

If there are no externalities demanding anything else, I'd happily do it again.
1 comments
kasey_junk 542 days ago
There is nothing _wrong_ with it, and so long as you can prove that your offboarding is consistent and quick then feel free to use it.

But a central system that uses the same identity/auth everywhere is much easier to keep consistent and fast. That’s why auditors and security professionals will harp on idp/sso solutions as some of the first things to invest in.

link
xorcist 542 days ago
I found that the commit log made auditing on- and offboarding easier, not harder. Of course it won't help you if your process is dysfunctional. You still have to trigger the process somehow, which can be a problem in itself when growing from a startup, but once you do that it's smooth.

However git is a central system, a database if you will, where you can keep identities globally consistent. That's the whole point. In my experience, the reason people leave it is because you grow the need to interoperate with third party stuff which only supports AD or Okta or something. Should I get to grow past that phase myself I would feed my chosen IdM with that data instead.

link