Jigsaw-Code / outline-apps

Outline Client and Manager, developed by Jigsaw. Outline Manager makes it easy to create your own VPN server. Outline Client lets you share access to your VPN with anyone in your network, giving them access to the free and open internet.
https://getoutline.org/
Apache License 2.0
8.47k stars 1.37k forks source link

client single-sign on + 2fa #1863

Open taylorchu opened 6 years ago

taylorchu commented 6 years ago

This is helpful to distribute keys, and verify client's identity whenever the key is used.

Sometimes, we don't simply trust the person who "has" the key, this additional step should secure the organization network from leaked keys.

bemasc commented 6 years ago

What existing account system integration would be useful to you? Are you asking for 2FA support beyond what's already provided through SSO with a 2FA-enabled account system? What security violations are you concerned about, in the event of a leaked access key?

taylorchu commented 6 years ago

We use google login, which has built-in 2FA. I think that is a good start for us.

Here is a use case for this: besides getting access to public net, outline could also be used to give access to private net. It will be nice to configure to forward packets with outline for only certain subnets (to save money on ingress traffic). It is obvious that we need to ensure no unauthorized access to internal services.

bemasc commented 6 years ago

OK, thank you for helping us understand your use case.