windmill icon indicating copy to clipboard operation
windmill copied to clipboard
verified publisher icon windmill-labs

feature: Local Active Directory Authentication

Open odesey opened this issue 7 months ago • 4 comments

Background: I work with many enterprise customers that use lots of virtualization, VMware specifically (now owned by Broadcom). Since Broadcom purchased VMware, they have raised the prices substantially and there has been a mass exodus of customers. One VMware product in particular (vRA vRealize Automation) does not have a suitable alternative outside of the VMware ecosystem for enterprise customers to migrate to. I think this is a great market opportunity for Windmill. However, to really take advantage of this opportunity, local AD authentication is a must.

Feature: Allow Windmill to tie in with existing IT environments using AD authentication (Local LDAP \ AD). This should be a local AD domain, not cloud based SSO \ SAML auth.

Also, on your home page you can maybe mention something about automating tasks in VMware \ Proxmox \ XPENG \ HyperV \ Cisco UCS environments.

Thanks

odesey avatar May 21 '25 20:05 odesey

Hi @odesey ,

So far customers have been able to use SCIM and Microsoft Entra as a bridge. It seems that's not applicable in your case. If you start an EE trial, we may be able to prioritize this quickly.

rubenfiszel avatar May 22 '25 06:05 rubenfiszel

Hey @rubenfiszel , thanks for even considering this.

So this is a chicken and the egg problem, enterprise clients wont try Windmill until they have local AD auth, and you need to see an ROI before spending the manpower to implement that feature. Because I am just a consultant, I do not have the authority to sign up any client to Windmill. I was tasked with finding a replacement for vRA (mentioned in the first post) and settled on Windmill after looking into many other tools like Kestra, Temporal, Zappier, Make and n8n just to name a few.

I think (biased off course) that this feature will be worth it because of what I have see in several different enterprise environments. I will see if any clients are willing to give the EE version a spin and will let you know.

Thanks.

odesey avatar May 22 '25 16:05 odesey

Hi @odesey ,

I completely agree, and I would absolutely understand a client refusing to try before that feature is not only available but well tested. The fortunate situation that we are in is that we have very large customers right now asking for other important features so we do prioritize based on our current customers and then only once they're fully satisfied or they or prospective customer request it, we will address it even though we agree it's an important one.

Your observation on the other hand that Windmill is missing a big opportunity by not positioning itself well as an alternative to vmware is very astute and it's indeed something that we do plan in the future to improve.

rubenfiszel avatar May 22 '25 16:05 rubenfiszel

SSO Tax is indeed not a good product paywall. Subjective take, sure, but not without evidence. Although not ideal for a more general development backend, Airflow v3 can now get the job done, with LDAP. Not so shiny, but it does work; and nobody has to ask permission or jockey for position in a budget meeting to get it staged. The unique window of opportunity you have will be closing as the 3.x feature rollout continues. Airflow is quite entrenched, and has name recognition. It might be a good idea to reconsider paywalling auth. Your stakeholders are not operating from a place of enterprise knowledge in the trenches. @odesey is not wrong about getting a foot in the door. If you don't wish to attract new customers, well, that's not a good business model either.

https://sso.tax/

SSO Vendors are actively taking notice, and their businesses survive on promoting unencumbered solutions.

xeoneox avatar Jun 06 '25 14:06 xeoneox