Allow REMOTE_USER authentication to JIT provision accounts #3440
Comments
|
@spencerryan have you managed to test if #3402 works for you? |
|
@spencerryan any chance you've had a look at #3402 yet? |
|
Thank you for your input on Cachet 2.x. We are shifting our attention and resources to Cachet 3.x and will no longer be supporting the 2.x version. If your feedback or issue is relevant to the 3.x series, we encourage you to engage with the new branch. For more information on the Cachet rebuild and our plans for 3.x, you can read the announcement here. We appreciate your understanding and look forward to your contributions to the new version. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The addition of REMOTE_USER authentication is fantastic!
One last feature we would need to make this extremely useful is for Cachet to be able to create accounts on the fly if one does not exist, that way any user who is authenticated by the external IdP does not have to go through another sign up process.
I like the way DataDog accomplishes this. When JIT user creation is enabled you specify a list of email domains that are JIT capable, and what security group you want new users to go into. When a login comes via the IdP if there is an existing account nothing happens, but if there isn't one the email address (login) is checked against the JIT list and if the domain matches a new account is created and the user is seamlessly logged in.
The text was updated successfully, but these errors were encountered: