Multiple AWS SSO Support

[rianbk]

Is your feature request related to a problem? Please describe. No

Describe the solution you'd like Support for multiple SSO accounts. Hi, I work across alot of AWS SSO environments, being able to have all of them in leap would be great

Describe alternatives you've considered N/A

Additional context N/A

[ericvilla]

Hi @rianbk, I think this is already described in bug #57. Please, give it a look and confirm here. Thanks

[rianbk]

Hey @ericvilla , no with this i'm talking about multiple AWS SSO "root" accounts. Not child accounts under a SSO setup

[ericvilla]

Ok, now I understood what you meant! It is an interesting enhancement, given that a single person may access different AWS Organizations at the same time, for example when working with customers. At this moment it is not in the roadmap, but we could consider adding it for the next releases.

[infsy]

I've got the same need than @rianbk . Using Leapp is addictive, and so be able to switch between client organizations would be awesome !

[andreacavagna01]

This is a thing we are trying to achieve for the next release, I'll add it in the v1.0 roadmap

[andreacavagna01]

@infsy and @rianbk, how do you expect a UI for multiple AWS SSO account management?

[infsy]

I guess @andreacavagna01 we should first have the option to fill multiple AWS SSO identity providers in the Integrations. Then, in the Home menu I could use the AWS icon to select the right SSO IDP to work with. Does it make sense ?

[rianbk]

@infsy and @rianbk, how do you expect a UI for multiple AWS SSO account management?

For me I’d be happy with the same format (everything just in one big list - that’s why search exists?) maybe some prefixing or something to show what account it’s from

[marshallamey]

I thought that I would be able to select SSO as an Access Strategy for adding multiple accounts in different organizations. This was the main reason I was drawn to Leapp. As an MSP, it would make life a lot easier.

[andreacavagna01]

Great Idea, it's something I think could be implemented in the Daemon and then added from the core logic to the Client

[james-kontralto]

I have a need for this, to fill in another use case: having a second org(and thus another IDP) to test out infrastructure before rolling it out to prod. I've consulted for 2 different enterprises who follow this pattern, and being able to switch between orgs/IDPs seamlessly would be huge.

[andreacavagna01]

What will be the favorite flow for this? To have all the sessions for both AWS Single Sign-On available at the same time or the ability to switch from one to another?

[james-kontralto]

I think ideally I'd like to be signed into both - I can envision firing out the infra to the test org, validating, then immediately rolling it out to prod. On the flipside, I think there's a safety aspect to being authed to only one org at a time. I can do all of the testing required, then switch over to prod, without the worry that I was actually in prod the whole time. Minor, but it came to mind. :)

[andreacavagna01]

I think it will be a great thing to add the ability to group Sessions by AWS Single Sign-On to find them better. But at least have the ability to have more than one integration at the same time. :)

[james-kontralto]

Agreed! Can't wait to see this in the app, I love using it so far!

[hoegertn]

Is there any ETA for this feature? Currently, I can only use Leapp for one client instead of all my clients.

[hoegertn]

@andreacavagna01 Anything new on this? I need to decide if I can keep using Leapp or look somewhere else in the near future. So any ETA would be great to plan.

[pethron]

The current ETA for this is ~3 months. The current issue is that we perceive configuring multiple AWS SSO as a collaboration feature to be introduced in the Leapp paid tier. We are trying to gather as much feedback as possible on this to take a direction as we would prefer to leave this on the open-source project since it benefits everyone. Sill, we also need to make a choice that doesn't hinder the project's sustainability. We can talk here or open a dedicated discussion. Currently, you can see at #178 the features division in tiers.

[m-radzikowski]

I think this is done in just released v0.8.0.

[pethron]

Closing due to release v0.8.0