Make SAML SP RBAC granular #41606
Labels
c-hte
Internal Customer Reference
feature-request
Used for new features in Teleport, improvements to current should be #enhancements
Currently, access to SAML Service Providers in Teleport is granted to users on an all-or-nothing basis.
The user has access to all Service Providers if: `options.idp.saml.enabled = true` (default)

Like other services, we should offer granular access control through labels. We could either reuse `app_labels`, since SPs are treated like a subset of apps, or we could add a new `sp_labels` field to roles.

Note: the current functionality is not documented enough given that this behavior differs from other services (access granted to all users by default).