vouch / vouch-proxy

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
MIT License

Authenticate additional user accounts outside of Google domain #549

Closed david-judge closed 9 months ago

david-judge commented 9 months ago

Hi, I'm using vouch-proxy (behind nginx) to authenticate Google accounts that are from my organisation's domain. So my organisation's Google accounts are all in the format: first.second@work.domain.com and I've configured Vouch with the domain, "work.domain.com", and so anyone from the organisation can log in to the site.

My question is, we have a few external users (without a Google account or organisation account) that we would like to have access to our site. How do I set that up, so organisation accounts are handled as currently but external users have to authenticate through a separate bespoke login page?

Thanks, Dave

bnfinet commented 9 months ago

I would set them up as parallel but separate NGINX servers hooked into separate VP instances for both work.domain.com and partners.domain.com.

You could also use a `satisfy any` strategy with a regular HTTP password, though that's not best practice: http://nginx.org/en/docs/http/ngx_http_core_module.html#satisfy

Here's something fancier that might work, but I've not tried this method: https://stackoverflow.com/questions/45822565/is-there-a-way-to-use-multiple-auth-request-directives-in-nginx

VP is fairly cheap resource-wise. The underlying philosophy is to keep separate authorized groups of users in separate VP buckets so as to limit the opportunity to expose one side to another.

There has sometimes been talk of going for something fancier akin to RBAC or full ACL but that is not likely to be implemented any time soon.
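
The two-instance layout suggested in the comment above, sketched as an NGINX configuration. This is an added example, not part of the original thread or the project's own configuration; the hostnames under work.domain.com and partners.domain.com, the ports, the certificate paths and the backend address are all assumptions.

```nginx
# Added example. Hostnames, ports, certificate paths and the backend address are assumptions.
# Instance A: Vouch Proxy on 127.0.0.1:9090 with vouch.domains = work.domain.com
# Instance B: Vouch Proxy on 127.0.0.1:9091 with vouch.domains = partners.domain.com
# Each instance gets its own vouch.jwt.secret, so a token from one fails validation at the other.
server {
    listen 443 ssl;
    server_name app.work.domain.com;
    ssl_certificate     /etc/nginx/tls/work.crt;
    ssl_certificate_key /etc/nginx/tls/work.key;
    auth_request /validate;                      # check every request with instance A
    location = /validate {
        internal;                                # reachable only as a subrequest
        proxy_pass http://127.0.0.1:9090/validate;
        proxy_set_header Host $http_host;
        proxy_pass_request_body off;             # Vouch Proxy reads headers only
        proxy_set_header Content-Length "";
    }
    error_page 401 = @login;
    location @login {                            # unauthenticated: go to instance A's login
        return 302 https://vouch.work.domain.com/login?url=$scheme://$http_host$request_uri;
    }
    location / {
        proxy_pass http://127.0.0.1:8080;        # protected application
    }
}

server {
    listen 443 ssl;
    server_name app.partners.domain.com;
    ssl_certificate     /etc/nginx/tls/partners.crt;
    ssl_certificate_key /etc/nginx/tls/partners.key;
    auth_request /validate;                      # check every request with instance B
    location = /validate {
        internal;
        proxy_pass http://127.0.0.1:9091/validate;
        proxy_set_header Host $http_host;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }
    error_page 401 = @login;
    location @login {                            # unauthenticated: go to instance B's login
        return 302 https://vouch.partners.domain.com/login?url=$scheme://$http_host$request_uri;
    }
    location / {
        proxy_pass http://127.0.0.1:8080;        # same application, separate auth path
    }
}
```

The login hostnames `vouch.work.domain.com` and `vouch.partners.domain.com` each need their own server block proxying to the matching Vouch Proxy instance, which is omitted here.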

david-judge commented 9 months ago

Great, thanks for the reply, Benjamin. I'll look into your suggestions.

Cheers, Dave