Closed fmichaelobrien closed 1 week ago
20240406: Closing issue during retrofit/rebase of this TEF V1 based/modified repo to TEF V4 standards.
This issue may participate in the LZ refactor after rebase.
Query on all issues related to the older V1 version via the tag https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/labels/2024-pre-tef-v4
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
Add authentication flows (SAML) (RBAC, demo context awareness (geo, +, user pattern (armor checks ip/)))
user classes
cl 1: priv users
cl 2: bus (auth flow)
cl 3: ext bus users (auth flow) - IE: foreign location (limited view/timed creds)
verify IP whitelisting - show local IAM (secondary use for very minimal breakglass accounts (title only-not-actual-name) for now) until federation comes in (spin off IAM flows - check PAM - Access Context Manager (check IBM cyber arc)) https://console.cloud.google.com/security/access-level
Service account user id/password (use and management), TF and any additional roles that imply new SA creation
Document in https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/docs/architecture.md
However, we need an example for all flow types