New user provisioning | User creation through SSO
reviewed
A
Anthony Anderson
I want Liongard to provision accounts via the sso connection. AKA: Liongard should use Azure for account provisioning and role delegation.
Further, Role delegation should be more granular.
I expect that liongard will have DENY attributes on roles. The ability to create custom roles. The ability for Azure to provision accounts and delegate roles.
Merged in a post:
SSO User Provisioning
R
Robert Jindrick - Domain Admin
SSO implementation is nice and easy, but provisioning users is a pretty big inconvenience. For local accounts, sending an invite/activation for the user to click a link, set a password, and configure MFA makes sense. But if we are enforcing SSO, the users still go through the same setup when they will never use the password/MFA created on their local account.
Auto-provisioning using groups in Azure would be great, but a lot of development work. Instead, we could just have the option to disable invites/activations when SSO is configured. An admin would create their user account, configure roles/environment groups, and the user authenticates with SSO matching UPN. No need for any invites/activations!