Azure SSO
-
Please add the ability to link at the system level to existing Azure Active Directories to relive the need to manage local accounts. This would also enable organizations to use their existing SSO and MFA workflows.
For decentralized organizations this is essential for implementation to easily spin up new sites and use existing directories to determine not only authentication but also authorization.
Ideally a group in Azure would map to a Site in SecTeer. So that managing who can access what sites is done entirely inside of your existing directory using groups. Having a third party app with it's own set of local accounts add security issue that some organizations will not be comfortable with.
Helpful control's that are maybe easier to implement than Azure SSO would be:
System administrators should be able to force the setup of MFA for users while we wait for Azure SSO integration.
System administrators should be able to see which accounts have MFA enabled and which don't. -
@jak552 We discussed this a few days ago, it sounds like this is viable to implement in a soon to come UI update.
With some luck before the end of the year. -
@Tom What about the other mitigations I mentioned between now and getting Azure SSO.
"Helpful control's that are maybe easier to implement than Azure SSO would be:
System administrators should be able to force the setup of MFA for users while we wait for Azure SSO integration.
Without the ability to enforce MFA system administrators should be able to see which accounts have MFA enabled and which don't." -
@jak552 Thank you for the suggestions about SSO and MFA.
The SSO is sort of on the roadmap, as part of our next larger development tasks.
We will take the association between groups and sites into consideration, though my impression is that most of our current customers have multiple AD groups per site.
It sounds like we need to consider how we can be flexible, so one AD could be one site in some cases, and another AD could span multiple sites in other cases.
Thanks.