AzureAD Authentication


It would be nice to use Azure native authentication over the sync process that occurs today. Main benefit being able to leverage any user/group in real-time.

Additional wish list to further enhance the product:

  • Don't require that users/groups are assigned to a vault in order to give them access to a vault folder or entry. Alternatively, don't make that an admin-only function. Allow a "super users" role for assigning users to a vault.
  • Allow giving users permission to an object without the need for users to complete an initial login. In today's platform, users don't appear and are not selectable unless they have logged in at least once.


Thanks

All Comments (3)


Hello Henry,

  1. We do authenticate in real time, but if your cache is enabled we check group memberships in the cache because it's faster than calculating recursive membership when it exists. The DVLS team leader is working on a revamp, but it's quite complex with all of the use cases. We'll keep at it.

    1. That's a design in line with RDM's RBAC. I don't think we'll be able to change that, but we do have a sharing feature coming that could help. Can't promise anything for now.
    2. We intend to "explode" the admin roles and be able to specify a vault owner. It can only be delivered in 2022, I'm afraid.
  2. Ah, interesting. It would mean to browse your AD/AAD to grab the unique identifier of the account, then set it to an "unregistered" state. Being an incorrigible optimist, I would say this seems the easiest of your requests. I'll open a ticket to trigger an internal discussion.


Sorry we cannot deliver this sooner; we are in fact almost code complete for our next release, and the next one is already pretty packed.

Maurice


For #3, we would want to be able to grab the unique identifier of the user account or the group.

Thanks, Maurice


Indeed, users and groups.

I'll pass that along to the team.

Maurice