Logo 
Search:

Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Site collection to manage external users (creation/unlocking/...)

  Asked By: Conor    Date: May 17    Category: Sharepoint    Views: 1730

The question might sound silly, but I haven't found a real answer to it.

Assumptions :
- We have a MOSS farm facing outside our network.
- We have multiple Web Applications, each having multiple Site Collections.
- These site collections have different administrators

Current situation :
- We are using a specific OU in our AD to manage external users.
- This means that one of the MOSS Farm administrator needs to create all the external accounts before a site collection administrator can add it to its site(s).
- We don't allow external users to change their password cause we need to be able to force a complex type of password. It also means that when a user lost it's password, the Farm admin needs to reset the password for the user - lot of time waisted emailing/calling the user.

Ideal situation :
- I would like to find a way to have the site collection administrators handle the creation of the external user accounts.
- This way, they would be able to create/unlock/delete/update accounts when needed.
- Solution "can" allow external users to change their password
- Solution MUST enforce complex password
- Solution "can" enforce password expiration, but this is not 100% necessary

- If an account could be shared with other site collections, it would be a plus.
- If to access another site collection, a user needs to have a second account, so be it.

Questions :
- Can it be done or am I stuck in having to create all the accounts myself and passing the info to the site collection admins?
- Can the External Collaboration Toolkit do the trick?
- Are there other solutions out there that would do exactly this, that would not be too expensive?
- Am I better of going to FBA

Share: 

 

1 Answer Found

 
Answer #1    Answered By: Shannon Fleming     Answered On: May 17

In regard to your assumptions:
- How are you making your farm  available to the outside network?
- What level of IT are the site  collection administrators? are they department employees or IT? if IT, what level?

More questions... are you using ECTS at the moment?

Answers:
Q: I would like to find  a way to have the site collection  administrators handle  the creation  of the external  user accounts.
A: If the Site collection admin  has delegate rights over the OU, then they can.

Q: - solution  "can" allow external users  to change  their password
- Solution MUST enforce complex  password
- Solution "can" enforce password  expiration, but this is not 100%  necessary
A: This is possible, but depends on your infrastructure etc...

Q: If to access  another site collection, a user  needs to have a second account, so be it.
A: One account  (AD) can be used on any site collection part of that farm for that domain.

Q: Can the External Collaboration Toolkit do the trick?
A: This can do everything you want. but depends on how your making it available to the outside.

Q: Am I better of going to FBA
A: Not good enough for your ideal solution.

Assumptions :
- We have a MOSS farm facing  outside our network.
- We have multiple  Web Applications, each having multiple Site Collections.
- These site collections  have different administrators

Current situation :
- We are using a specific  OU in our AD to manage  external users.
- This means that one of the MOSS Farm administrator  needs to create  all the external accounts  before a site collection administrator can add  it to its site(s).
- We don't allow external users to change their password cause we need to be able to force  a complex type  of password. It also means that when a user lost  it's password, the Farm admin needs to reset  the password for the user - lot  of time  waisted emailing/calling the user.

Ideal situation :
- I would like to find a way to have the site collection administrators  handle the creation of the external user accounts.
- This way, they would be able to create/unlock/delete/update accounts when needed.
- Solution "can" allow external users to change their password
- Solution MUST enforce complex password
- Solution "can" enforce password expiration, but this is not 100% necessary

- If an account could be shared  with other site collections, it would be a plus.
- If to access another site collection, a user needs to have a second account, so be it.

Questions :
- Can it be done or am I stuck  in having to create all the accounts myself and passing  the info  to the site collection admins?
- Can the External Collaboration Toolkit do the trick?
- Are there other solutions  out there that would do exactly this, that would not be too expensive?
- Am I better of going to FBA