Is Ziti Enterprise ready?

Hey guys,

i have a few questions about bigger environments.

i can auto-create the identities from an Active-Directory? Of course, i can export it from AD and import with API, but auto-creation for new users in group xy would be fine
can i link services to ad groups? maybe with attributes (map AD-Group to Ziti-Identity-Attribute)?

I would also say:
For everyone how is new with ziti, it is very complex and hard to understand. For me it should more be than a firewall rule table - but for applications.

Identity/Group - intercept address - send address - service/ports - going through router

At this time there's no open source mechanism in place to synch identities from AD to ziti. The NetFoundry console, I believe, has this feature but there's no open source equivalent. It'd be a great contribution to the community though. It's just not there at this time that I know of. (someone might correct me).

Thanks for the feedback. I appreciate it. To me, that's basically what it is. If you use the UI and make a service using the "simplified" flow, that's exactly what you'll see:

image1254×565 44.2 KB

Using the ziti CLI is a bit more until you get used to it, but when you do I think it'll be more clear. The UI definitely does a good job of presenting it as you laid it out imo.

For reference @fre4ki, this is how NetFoundry does it - https://support.netfoundry.io/hc/en-us/articles/360028298092-Client-Sync-Integration-with-Azure-Active-Directory. I believe others in the open source have mentioned developing similar but I am not aware of anyone open sourcing it yet.

Thank you for this. I read that.

Yes, you are right. But, when i want to edit something i have so many different sections and not the "create a simple service" window for editing.

I'm coming from firewalls and for me it is more clear there. Maybe i expect to much but i just want to discuss this.