Similar to how you’re syncing LDAP accounts to local accounts, you would be able to use Just-in-Time provisioning to create local accounts through SAML. Instead of syncing users from an Active Directory instance, with Just-in-Time provisioning users are created and updated dynamically when they log in, based on SAML assertions sent by the identity provider.
This would be a massive benefit - a default group would be set if no group info is passed, or if group info is passed and matches an existing group in eramba then the user would be set as a member of the group.
We were thinking of using SAML only to authenticate users; the eramba user must be previously created (through imports or LDAP sync) before you can authenticate it!
Think on using or decided?
If just-in-time provisioning is still a possibility please let me know; if not I will have to consider alternatives as we cannot connect Eramba to our LDAP directory.
SAML 2.0 will be used as another authentication method alone, not used for syncing accounts to eramba; for that we use LDAP.
Can you put provisioning on the pipeline (even if it is not in the near future)? I guess that’s the major factor to use SAML instead of LDAP or OAuth which you already support.
For the time being we need to keep this as it is … sorry but we have too many fronts and we need to choose battles carefully!
taadaaaaa, SAML finally seems to work and will be part of release 2.7.0 (due for this week or next Monday).
video: SAML Introduction - YouTube
THIS IS BETA!!! meaning, it should work but we are sure there will be updates.
Wow! Thank you for this feature.
Thank you guys. This is much appreciated from our end!
Great work! This is definitely beneficial.
Let's see if it works …! Update is available.
cool - and it works?
yup, it worked. bypass 20 chars limit
this is this forum limit of minimum words, right? I hate it and I don't know how to get rid of it …
Also worked with OKTA. So now we have OKTA sign-in which means 2FA and an Eramba button on OKTA menu. Cool stuff.