Suggest to update all portals to allow for SAML/OAuth.
More and more businesses rely on cloud-enabled accounts (Google/AzureAD/GitHub etc.).
Since LDAP is not supported in cloud environments, without implementing makeshift workarounds, these modules are not available to organizations leveraging cloud identities.
Group memberships would most likely have to be maintained within eramba …
Yes, I’ve had a few changes in jobs in the meantime - just started using eramba again for my new position.
The portals in question are the awareness and policy ones.
The solution is exposed to the internet so exposing policies without login is not an option - neither is LDAP unfortunately.
The awareness module must use LDAP, no other way around, as it’s deeply rooted in that technology. In the case of the policy portal, when group authorization is not used on any of the policies it could use SAML… that requires a logic:
on system / settings / authentication / policy portal … you could only enable SAML/OAuth (as inherited from the main authentication) if no existing policy has “group authorization” as a setting, otherwise this option is simply not possible.
I would like to request that any portal that supports SAML and is enabled be added to the metadata (md:AssertionConsumerService) that is generated at http[s]://servernamehere/samlConnectors/getMetadata.
This could be the default, or configuration options to enable for each portal.
This would allow SAML IDPs to automatically pull the metadata and not rely on static content.
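
As an added illustration of the request above (not eramba's code or output, and not written by any poster in this thread): a check an IdP administrator could run over pulled SP metadata to confirm that each enabled portal has its own md:AssertionConsumerService entry. The host name, portal ACS paths and sample metadata are constructed assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: hypothetical host and ACS paths, not real eramba output.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://grc.example.test/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true" Binding="{POST}"
        Location="https://grc.example.test/main/acs"/>
    <md:AssertionConsumerService index="1" Binding="{POST}"
        Location="https://grc.example.test/policy-portal/acs"/>
    <md:AssertionConsumerService index="1" Binding="{POST}"
        Location="http://grc.example.test/other-portal/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Hypothetical list of ACS URLs the enabled portals are expected to publish.
EXPECTED = [
    "https://grc.example.test/main/acs",
    "https://grc.example.test/policy-portal/acs",
    "https://grc.example.test/other-portal/acs",
]

def check_acs(metadata_xml, expected_locations):
    """Return a list of problems found in the SP's ACS declarations."""
    # Metadata fetched over the network should go through a hardened XML parser.
    root = ET.fromstring(metadata_xml)
    acs = root.findall(f".//{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService")
    problems, seen_index = [], set()
    for e in acs:
        loc, idx = e.get("Location", ""), e.get("index")
        if idx in seen_index:  # the IdP selects an ACS by index, so it must be unique
            problems.append(f"duplicate index {idx}: {loc}")
        seen_index.add(idx)
        if not loc.startswith("https://"):  # assertions must not travel in clear text
            problems.append(f"non-HTTPS ACS: {loc}")
    if sum(e.get("isDefault") in ("true", "1") for e in acs) > 1:
        problems.append("more than one isDefault ACS")
    published = {e.get("Location") for e in acs}
    for want in expected_locations:
        if want not in published:
            problems.append(f"missing ACS for portal: {want}")
    return problems

if __name__ == "__main__":
    for line in check_acs(SAMPLE, EXPECTED):
        print(line)
```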