Suggest to update all portals to allow for SAML/OAuth.
More and more businesses rely on Cloud enabled accounts (Google/AzureAD/Github etc).
since LDAP is not supported in cloud environments, without implementing makeshift workarounds, these modules are not available to organizations leveraging cloud identities.
Group memberships would most likely have to be maintained within eramba …
just a thought.
hello jonas!! our forum is reminding me you have been quiet for a long time!
all portals (except awareness which needs ldap to sync users) support ldap/saml … which one did not work for you?
Yes i’ve had a few changes in jobs in the mean time - just started using eramba again for my new position.
The portals in question are the awareness and policy ones.
The solution is exposed to the internet so exposing policies without login is not an option - neither is LDAP unfortunately.
but it’s great to be back
Are there any plans to enable Oauth/SAML on Policy and awareness portals ?
the awareness module must use ldap, no other way around as its deeply rooted in that technology. in the case of policy portal, when group authorization is not used on any of the policies it could use SAML…that requires a logic:
on system / settings / authentication / policy portal … you could only enable saml/oauth (as inherited from the main authentication) if no existing policy has “group authorization” as a setting, otherwise this option is simply not possible.
int ref: https://github.com/eramba/eramba_v2/issues/2757
int ref: https://eramba.zendesk.com/agent/tickets/10534
To revive an old thread, has anyone successfully configured SAML auth for the Policy portal?
Under settings > authentication > policy, all I can see is my LDAP connector. I do have SAML (OKTA) configured and working for the Main portal.
For my policy item itself, Policy Portal Permission is set to LDAP Auth required and Enable Specific Groups disabled.
I only have the Main portal and Policy portal enabled.
This feature was not yet implemented.
I would like to request that any portal that supports SAML and is enabled be added to the metadata ( md:AssertionConsumerService) that is generated at http[s]://servernamehere/samlConnectors/getMetadata
This could be the default or Configuration options to enable for each portal.
This would allow SAML IDPs to automatically pull the metadata and not rely on static content.