IDP Manager User Application Role
Problem
We have a team in our organization tasked with onboarding customers with Single Sign-On. We have been building tools for them with the FusionAuth API. It would be simpler for us to use the GUI interfaces available in the FusionAuth console, but to minimize the security exposure, we don't want to give these users the admin role to enable access to the Identity Providers screens.
Solution
We'd like to give these users an idp_manager role that will allow them to view and manage identity providers without giving them access to all the functions in the admin role.
Alternatives/workarounds
We've been building our own tools using the /api/identity-provider endpoint in the API, and have given our application permission to that endpoint on its API Key. At some point we feel like we're unnecessarily rebuilding the tools that already exist in the FusionAuth console.
Additional context
We looked at the documented set of User Application Roles here: https://fusionauth.io/docs/get-started/core-concepts/roles#fusionauth-application-roles, and didn't see anything specific to IDP management (and only that).
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.