We bought a vendor web application.
In order to log into this vendor's web application, we would have to vpn into our network and use our window's account to login into this app.
I am assuming we VPN in and then use our AD account to Window Authenticate. Once this is done on our side, it uses a single sign-on to access the web application and pass window's account to the vendor web application. Can someone confirms this because I cannot imagine a company would give a vendor direct access to its AD server?
In addition, the vendor also supplied us with one SQL Authentication account to access their report server. I can track which user running which report at the report level because the data sources use Window Authentication.
With that being said, our network security admin shared today using a single SQL Authentication account is unsafe and he wants us to access the vendor's report server through our AD accounts (Window Authentication). How would this be possible? I mean when we log into Facebook, Yelp, Twitter, etc... we are not using Window Authentication. We are most likely using a generated SQL Authentication account (with tables driven), right?