Currently all our applications are web-based and our authentication and authorization mechanism is always through the database, e.g. database logins and access controls defined at the database. However, now we are thinking of changing this approach and making use of Active Directory for authentication and authorization.
So we need to create AD accounts (even for our users coming through from the internet), and assign access controls using Authorization Manager? Is this how it's normally done? What are some pros and cons for this? I believe for the AD method, our internal staff can be given access rights to print to a secret printer for sensitive information (for example), but with the database approach it will be difficult?
Lastly, do I have to keep the same set of access rights roles/groups in the database and AD at the same time? If there is no need to, then does it mean the application can just call an API to verify the required roles from AD directly? Thanks.