Who is an external user?
From secure access management point of view, external users fall into the following categories:
- Partners. Users who belong to a trusted external partner organization.
- Guests. These are non-employees, includes users such as consultants, contractors, vendors, visitors, alumni, collaborators.
- Remote Users. Your employees (staff, students) when they are outside the corporate network.
Users from Partner organization are usually provisioned in their enterprise Shibboleth SAML Identity Provider (IDP) implemented using the Elastic SSO Enterprise Edition solution.
Guest users are provisioned in a separate Guest IDP implemented using the Elastic SSO Team Edition solution.
Remote Users are usually provisioned in their enterprise IDP implemented using the Elastic SSO Enterprise Edition solution.
Who is an internal user?
Mostly employees, staff and students. These users are usually provisioned in your local enterprise Active Directory, LDAP or SQL database.
Internal Users are usually provisioned in their enterprise IDP implemented using the Elastic SSO Enterprise Edition solution.
From best practices and compliance perspective, it is recommended that external users not be provisioned in the same repository as the internal users. Mixing the two increases the chance of unauthorized access and related accidents, damages and penalties.
Once your App is Shibboleth SAML enabled, then secure access is easily enabled on a per IDP basis for different sets of users: internal or external or both.