OIDC (OpenID) Authentication
launched
Matt
It would be great to implement a SAML authentication method, which would allow us to use our own authentication systems. Currently we are using Azure AD for our SAML provider and have integrated it with many other MSP tools.
Steve Staden
All, I renamed this request to reflect the work that was done for SSO, meaning support for OIDC. I've created a new request for SAML 2.0 specifically to accurately capture your requests - https://dnsfilter.canny.io/feature-requests/p/saml-20-authentication-1. Please also include your IdP if possible as a comment. I'll work to add items into that ticket that already existed here.
Please log any new protocol or vendor specific requests separately so we can track them correctly. Appreciate your patience as we organize this.
Christopher
+ Azure AD
Steve Staden
Christopher: Can you vote for that here - https://dnsfilter.canny.io/feature-requests/p/azuread-direct-connection-no-sync-tool.
Steve Staden
All, I renamed this request to reflect the work that was done for SSO, meaning support for OIDC. I've created a new request for SAML 2.0 specifically to accurately capture your requests - https://dnsfilter.canny.io/feature-requests/p/saml-20-authentication-1. Please also include your IdP if possible as a comment. I'll work to add items into that ticket that already existed here.
Please log any new protocol or vendor specific requests separately so we can track them correctly. Appreciate your patience as we organize this.
Andrew
Steve Staden: OIDC with Azure AD works fine for my use case - SSO for admin auth to app.dnsfilter.com.
Besides companies unable to use OIDC and stuck with SAML, are there any other... benefits to SAML if OIDC support is available from the IdP?
Also, am I supposed to remove my upvote for this feature if I no longer want to be notified? I assume features are assessed based on written feedback and upvotes.
Steve Staden
Andrew: Not to my knowledge, I think the desire for SAML 2.0 is primarily for existing implementations that do not support OIDC.
Sorry about the notification. We noticed folks were still adding to this item and wanted to clarify the requests. There is no way currently for me to lock a post, so yes, removing your vote stop notifications. Appreciate your comments.
Robert
Please implement SAML 2.0
Aliese
launched
Hi voters!
Single Sign-On is now available to all subscriptions, and can be configured by owners. This first iteration uses a Generic OIDC authentication protocol. We'll evaluate SAML for future iterations.
Navigate to Organization, Settings, Single Sign-On to begin.
We've also created supporting documentation to walk you through the process!
Matt
Aliese: IT WORKS!!! Thanks for getting this implemented!!!
Adam Bulgatz
Aliese: SSO is broken for MSPs, as we can no longer managed the users for our clients' organizations, and the SSO permissions are not granular enough, as we cannot specify organization-level access, and "read-only" access to all organizations is too permissive.
Aliese
Adam Bulgatz: Hi Adam, thanks for the feedback! Currently, SSO can be configured by organization, allowing you to specify organization-level access. If you're an MSP, you're able to configure SSO by organization as opposed to configuring on the MSP dashboard. Let me know if this helps or if you'd like to talk through further!
Adam Bulgatz
Aliese: That doesn't help. Support has acknowledged this as a bug. The ticket number is 18840. Until this is fixed SSO is unusable for MSPs, as we cannot manage our client users.
Aliese
Adam Bulgatz: Hi Adam - I spoke with Support and reviewed your ticket. It is a confirmed bug, you should be able to view dashboard users within the product after SSO is configured.
We have assigned this bug to an engineer to investigate and will keep you updated. Your dashboard users should be unaffected, and continue to login in with their e-mail and password.
Thanks again for reporting this so we can ensure we deliver the best product!
Aliese
in progress ( live <90 days )
Hi voters! SSO utilizing OpenID Connect (OIDC) protocol is progress, and will allow you to configure to supported IdPs such as Azure, Okta, and more! Coming soon!
Derek Gabriel
Aliese: 🙌🙌🙌
Iain
Aliese: That's amazing! OneLogin should be on the list as well.
Adam Bulgatz
AzureAD
John
Okta (SAML and SCIM)
David
Any update on this capability? This is one of a handful of services we're using that still don't support SSO, nor is there proper enforcement of 2FA, and is a hassle to make sure new users are setting up 2FA on/after account creation.
Martin
please support jumpcloud, also SCIM integration would be nice to have
Martin Farkas
AzureAD
Load More
→