Currently, access to SAML Service Providers in Teleport is granted to users on an all or nothing basis.
The user has access to all Service Providers if:
The Teleport IdP is enabled (default)
All of the user's roles have options.idp.saml.enabled = true (default)
Like other services, we should offer granular access control through labels. We could either reuse app_labels, since SPs are treated like a subset of apps, or we could add a new sp_labels field to roles.
Note: the current functionality is not documented enough given that this behavior differs from other services (access granted to all users by default).
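The following is an added illustration, not code from the issue author or from Teleport: a simplified Python model of the all-or-nothing check described above next to one possible label-based check. The function names, the role dictionaries, the matching rules (`*` wildcard, every selector key must match) and the deny-over-allow precedence are assumptions made for the example.

```python
# Simplified model for illustration; not Teleport's implementation.

def saml_idp_allowed(cluster_idp_enabled, roles):
    """Current behaviour from the issue: all SPs or none.

    Granted only if the IdP is enabled and every role leaves
    options.idp.saml.enabled at true (the default).
    """
    if not cluster_idp_enabled:
        return False
    for role in roles:
        saml = role.get("options", {}).get("idp", {}).get("saml", {})
        if not saml.get("enabled", True):
            return False
    return True


def labels_match(selector, labels):
    """Assumed rule: every selector key must match; '*' is a wildcard."""
    if not selector:
        return False  # an empty selector matches nothing
    for key, want in selector.items():
        wanted = want if isinstance(want, list) else [want]
        if key == "*" and "*" in wanted:
            continue
        if key not in labels:
            return False
        if "*" not in wanted and labels[key] not in wanted:
            return False
    return True


def sp_allowed_by_labels(cluster_idp_enabled, roles, sp_labels, field="app_labels"):
    """Proposed behaviour (assumed): per-SP decision, deny rules win."""
    if not saml_idp_allowed(cluster_idp_enabled, roles):
        return False
    if any(labels_match(r.get("deny", {}).get(field, {}), sp_labels) for r in roles):
        return False
    return any(labels_match(r.get("allow", {}).get(field, {}), sp_labels) for r in roles)


# Constructed sample roles.
DEV = {"allow": {"app_labels": {"env": ["dev", "staging"]}}}
NO_IDP = {"options": {"idp": {"saml": {"enabled": False}}}}
NO_PAYROLL = {"deny": {"app_labels": {"team": "payroll"}}}
```

Passing `field="sp_labels"` models the second option from the issue, a dedicated role field instead of reusing app_labels.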