Open MarianRaphael opened 5 months ago
SSO is related to users, not teams and gets applied to all users for a given email domain. This is why it has to be managed by the platform admin and cannot be self-service.
We do not allow self-service of this because we have to validate the user has authority to enable SSO for an entire email domain. For example, we would not want a team to self-service enable SSO for @gmail.com
.
Need to better understand the use case here with the customer to be sure this is the "right" solution. As presented currently, this is not feasible, but we don't want to rule out the customer request if there is another way around it.
Description
Current Situation
At present, the configuration of Single Sign-On (SSO) in FlowFuse is exclusively manageable through the FlowFuse Admin panel. This setup primarily impacts FF Cloud Users who are frequently unaware of the necessity to initiate a support ticket for an Admin to set up SSO on their behalf.
Feature Description
The proposed enhancement involves empowering Team Owners with the ability to directly configure SSO settings. This functionality would be integrated into the Team Admin Zone, specifically under the "Team Settings" section. By implementing this feature, we aim to streamline the SSO setup process, making it more user-friendly and efficient. It should still be possible for a FlowFuse Admin to set up configs.
Which customers would this be available to
Enterprise Tier Only (EE)
Have you provided an initial effort estimate for this issue?
I have provided an initial effort estimate
Customer requested: