ProGet Advanced Feature: LDAP/Active Directory Integration

ProGet is a reliable and secure package manager that lets you easily curate third-party packages and publish internal packages, and is available in a totally free version. 

Feed-level access and restrictions and integration with existing LDAP/Active Directory systems unlocks ProGet’s fullest potential to give you security and compliance at the speed of business. 

Looking for technical documentation? Visit the LDAP/Active Directory integration documentation page.

Restrict Access at the Feed Level 

Multiple feeds serve different purposes and tech stacks within an organization. For example, you might have separate “Approved Packages” and “Unapproved Packages.” Or you might have specialized teams that require separate feeds; for example, Ops teams uses Chocolatey, while Dev teams require NuGet, and others are using PyPi.  

Feed-level access lets you configure a feed itself to restrict how any user, regardless of their individual permissions settings, can interact with it. You control the pull, publish, and promotion access controls over feeds—for both individual users and entire teams. Add block

PullView and use a package available in a feed
PublishAdd new packages to a feed
PromoteMove packages between feeds 

And the LDAP/Active Directory integration makes managing these feed-level controls a simple matter of keeping your Active Directory up to date. Just one integration assigns all team and role permissions within ProGet.

Cut through the Chaos 

Scaling without control is a nightmare. As the number of developers increases, the amount of ProGet feeds increases as well. User-based restrictions alone do not ensure developers pull, publish, and promote only where they are ‘supposed to.’  A cascade of small ‘harmless’ changes to feeds made by users who shouldn’t be touching them in the first place can quickly lead to chaos. The npm teams can start publishing directly to the Maven feed. Or you can end up with a developer violating compliance requirements. However you look at it, it’s a disaster waiting to happen. The free forever edition of ProGet lets you restrict which actions a user can take, but you cannot restrict how users act with any individual feed. Users with publish permissions can publish to ANY feed, and if they have promotion permissions, they can promote ANYTHING to ANY feed. 

Trying to avoid this problem by maintaining a single feed is also not a scalable solution. Hunting around for the package you need in inside a single, giant feed quickly drains organizational resources. Unless teams using ProGet are very small, it’s impossible to avoid having multiple feeds at any kind of scale. 

See how Swiss Re uses ProGet to manage multiple feeds and hundreds of packages.

Automatically Change Permissions Based on Active Directory Status 

Integrating your existing LDAP/AD with ProGet removes the need to configure users and groups inside ProGet. With principals defined in your user directory, ProGet’s LDAP/AD integration allows you to create a single sign-on experience while letting other members of the organization manage user accounts and group membership. Security and compliance personnel take care of the permissions so that developers can get back to developing. 

This totally removes the administrative, security, and compliance headaches of constantly juggling everyone using ProGet. Think about it: the LDAP/AD integration means that’s one less password to remember, one less account to (de)provision as staffing changes, and one less system to change when someone’s role changes. Simplifying this even more, enabling Integrated Authentication in ProGet means ProGet users won’t even have to bother typing a password. It’s that simple. 

Restricting access at the feed level and automatically change a user’s permissions based on roles or teams with the LDAP/Active Directory integration is available only in paid editions of ProGet. 

Download now and see how ProGet Basic can help your organization.