Option to disable basic auth login form (when SSO is enabled and set up) #1693
Replies: 3 comments 1 reply
-
I appreciate this idea.
-
Disabling the /login endpoint for non-SSO requests would improve security. To make it production-ready, we should ensure a "break-glass" override exists (like a CLI flag or ConfigMap toggle) so admins are not locked out if the SSO provider goes offline.
-
That's the whole challenge: managing the "break-glass" in a natural way. Maybe we can explore a way where we can have this: if the SSO is enabled, have it as primary and collapse the local login.
-
Problem statement
It would be nice to be able to disable basic auth login for increased security, once the SSO has been set up.
I imagine there can be an option in the UI to disable it.
As a fallback mechanism, there can be a fallback option to enable it back directly with access to the workloads, in case of emergency, similar to this mechanism from the docs.
Additional context
Once the SSO has been set up and is working, the basic auth fields are creating confusion with the users (at least in my case). It would be great to be able to at least hide the login form on the frontend, if not completely disable the login method.
Thanks,
Niko