At the moment we need to set up a new CryoSPARC web account for every new student. It would be really great to have CryoSPARC connected to LDAP/Active Directory.
It would also be great if, based on security groups within LDAP/Active Directory, you could also define which group can access which lane.
The script I have is a Python script. It uses LDAP to read the Active Directory domain and filter by group membership. Then, using direct calls to the CryoSPARC CLI, you can programmatically create and destroy user accounts. I currently have the script running on a systemd timer to run every hour. If you write a script, I’d recommend running as root, as running it as the CryoSPARC user could potentially allow a user to access the LDAP credentials. Unfortunately, I’m unable to share the script on this forum as it relates to my employment, but take a look at the python-ldap library.
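The following is an added example, not the poster's script, which was not shared. It runs the reconciliation step described above on a constructed python-ldap-style search result, builds the `cryosparcm createuser` call, and checks that the bind-credential file is private to root. All function names, the sample data and the file check are assumptions; account removal is returned only as a list because the post does not say which call it uses.

```python
import secrets
import stat
from pathlib import Path

# Constructed sample in the shape python-ldap's search_s() returns:
# (dn, {attribute: [bytes, ...]}) tuples. Every name here is made up.
SAMPLE_RESULT = [
    ("CN=Ada Example,OU=Students,DC=lab,DC=example",
     {"mail": [b"Ada@lab.example"], "sAMAccountName": [b"ada"],
      "givenName": [b"Ada"], "sn": [b"Example"]}),
    ("CN=Backup,OU=Service,DC=lab,DC=example",
     {"sAMAccountName": [b"svc-backup"]}),            # no mail: skipped
    (None, ["ldap://lab.example/CN=Configuration"]),  # AD referral: skipped
]

def directory_users(result):
    """Return {lower-cased mail: attributes} for real entries with a mail value."""
    users = {}
    for dn, attrs in result:
        if dn is None or not isinstance(attrs, dict) or not attrs.get("mail"):
            continue
        text = {k: v[0].decode("utf-8") for k, v in attrs.items() if v}
        users[text["mail"].lower()] = text
    return users

def plan(directory, existing_emails):
    """Compare group members with current accounts: (to_create, to_remove)."""
    existing = {e.lower() for e in existing_emails}
    return sorted(set(directory) - existing), sorted(existing - set(directory))

def createuser_argv(email, attrs):
    """Build the cryosparcm call as an argv list so directory values never
    pass through a shell. The password is random; note that argv is visible
    in the process list while the command runs."""
    return ["cryosparcm", "createuser", "--email", email,
            "--username", attrs["sAMAccountName"],
            "--firstname", attrs.get("givenName", ""),
            "--lastname", attrs.get("sn", ""),
            "--password", secrets.token_urlsafe(24)]

def credentials_private(path, owner_uid=0):
    """True if the LDAP bind-credential file belongs to owner_uid (root by
    default) and grants nothing to group or other."""
    st = Path(path).stat()
    return st.st_uid == owner_uid and (stat.S_IMODE(st.st_mode) & 0o077) == 0
```

Run `credentials_private()` at the start of each timer invocation and abort if it returns False, so a permissions change on the credential file stops the sync.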
I’m writing a Python script to provision access to CryoSPARC based on group membership, similar to your suggestion. I’m wondering if you found a way to retrieve the register token from the database to send along to users via email?
We don’t actually use the CryoSPARC login page and bypass it entirely. We have a reverse proxy sitting in front of the instance. Each user has a random password generated and stored in a database known to the proxy software. The gist of it is that the reverse proxy redirects to Microsoft Single-Sign-On, then once the user is authenticated, the proxy authenticates to the CryoSPARC server with the known password on behalf of the user and passes the token back up. Since the proxy can see the traffic between the instance and the user, we can hook the CS login page and force a redirect. It’s very bodged, and it would be nice for some notice support.