Okay, I've got a bit of a strange request from a client and I'm looking for a solution:


I currently have a domain with approximately 20 users and a windows server active directory.

I have company social networks and other websites that use a variety of logins and passwords. For instance, my company’s facebook.com page has a username COMPANY@COMPANY.com and a password LOLCOMPANY1!. This password is sensitive and I do not want any of my 20 users to know what it is, yet I want them to have the ability to log into facebook under the COMPANY@COMPANY.com username in order to make changes and updates. I need a password management solution that integrates with Internet Explorer and Active Directory in order to determine which of my domain users get logged into which sites. The ideal situation looks like this:

I hire a 3 week intern. Part of their responsibility is to log into our facebook page and supply updates and complete various marketing tasks. I will create a domain user account for them and they log into their terminal. When they open Internet explorer and go to facebook, it auto-fills the password credentials and they are able to log in. At the end of 3 weeks, the intern leaves. I don’t have to worry about changing the facebook password, because they never knew it.


This seems like a lot of work for facebook, but I’m just trying to illustrate the situation. There are numerous accounts that need to be managed, so a solution is needed.

6/30/2010 10:35:25 AM

The first thing that came to mind after reading that was "I wonder if it would be possible to integrate 'LastPass or KeePass' with AD. I have the former installed and I'm checking now.

Looks promising?
http://lastpass.com/enterprise_overview.php

[Edited on June 30, 2010 at 10:53 AM. Reason : ]

6/30/2010 10:51:12 AM

I've emailed the guys at lastpass and I'm waiting to see what they think


I realize that the obvious hole is going to be people having the ability to change the password of accounts that they get auto-logged in to. That doesnt concern me as much as the 3 week intern moving on to the next job and having my information.

changing a facebook password every time i get a new hire is fine, but the company is growing and it's getting out of hand to change 6 passwords every two weeks or so. It's going to quickly get impossible to manage without some sort of software intervention.

6/30/2010 10:57:08 AM

This seems like something pretty common that facebook might have a solution for. Alternatively, create some sort of update service/tool that does the actual modification of facebook w/ username/pw and then grant/deny access to that service/tool based on credentials.

In the tool you write, it asks for AD creds and when provided it first authenticates the user and then checks to see if there a member of a certain group in AD. If they pass both they can submit an update.

another benefit of doing it with a tool -> facebook API is that as they grow larger they may want to do automation rather than having to have someone update it by hand. That way you can do multiple levels of security, like say one level of access allows someone or some automated process to submit an update to the tool. Then a marketing guy or whoever has access to approve the update getting posted to facebook.

[Edited on June 30, 2010 at 11:15 AM. Reason : a]

6/30/2010 11:11:28 AM

Quote :

"In the tool you write"

lololololol





No, really. I'm not even going to try and code something for this. It's growing further than just facebook into other social stuff like twitter, myspace, etc. different logins for each leave me wondering it this is going to be easily solved.

6/30/2010 11:54:00 AM