Make SAML SP RBAC granular #41606

Open
Joerger opened this issue May 15, 2024 · 0 comments
Labels
feature-request Used for new features in Teleport, improvements to current should be #enhancements


Joerger commented May 15, 2024

Currently, access to SAML Service Providers in Teleport is granted to users on an all-or-nothing basis.

The user has access to all Service Providers if:

  • The Teleport IdP is enabled (default)
  • All of the user's roles have options.idp.saml.enabled = true (default)

Like other services, we should offer granular access control through labels. We could either reuse app_labels, since SPs are treated like a subset of apps, or we could add a new sp_labels field to roles.

Note: the current functionality is not documented enough given that this behavior differs from other services (access granted to all users by default).

@Joerger Joerger added the feature-request Used for new features in Teleport, improvements to current should be #enhancements label May 15, 2024
@Joerger Joerger changed the title Make SAML SP rbac granular Make SAML SP RBAC granular May 15, 2024
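
The difference between the all-or-nothing rule described in the issue and a label-scoped check, as an added Go sketch that is not part of the issue or of Teleport's code. The `Role` type, the function names, the wildcard handling and the fail-closed empty selector are assumptions made for illustration; only `options.idp.saml.enabled`, `app_labels` and `sp_labels` come from the issue.

```go
package main

import "fmt"

// Role is a hypothetical, simplified role (not Teleport's own type). SAMLEnabled models
// options.idp.saml.enabled; SPLabels models the proposed selector (app_labels or sp_labels).
type Role struct {
	SAMLEnabled bool
	SPLabels    map[string][]string
}

// CurrentAccess models today's all-or-nothing rule as the issue states it.
func CurrentAccess(idpEnabled bool, roles []Role) bool {
	for _, r := range roles {
		idpEnabled = idpEnabled && r.SAMLEnabled
	}
	return idpEnabled
}

// matches: sketch assumptions are "*" as wildcard and an empty selector matching nothing.
func matches(selector map[string][]string, sp map[string]string) bool {
	for key, values := range selector {
		got, present := sp[key]
		ok := false
		for _, v := range values {
			ok = ok || (key == "*" && v == "*") || (present && (v == "*" || v == got))
		}
		if !ok {
			return false
		}
	}
	return len(selector) > 0
}

// GranularAccess keeps the existing gate and also requires a role whose selector matches the SP.
func GranularAccess(idpEnabled bool, roles []Role, sp map[string]string) bool {
	labelMatch := false
	for _, r := range roles {
		labelMatch = labelMatch || matches(r.SPLabels, sp)
	}
	return labelMatch && CurrentAccess(idpEnabled, roles)
}

func main() {
	// Constructed sample: one role scoped to env=dev, checked against two SPs.
	roles := []Role{{SAMLEnabled: true, SPLabels: map[string][]string{"env": {"dev"}}}}
	for _, env := range []string{"dev", "prod"} {
		fmt.Println(env, CurrentAccess(true, roles), GranularAccess(true, roles, map[string]string{"env": env}))
	}
}
```

With the constructed role, the current rule grants both SPs while the label-scoped check grants only the one labelled `env=dev`.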