SigNoz / signoz

SigNoz is an open-source observability platform native to OpenTelemetry with logs, traces and metrics in a single application. An open-source alternative to DataDog, NewRelic, etc. 🔥 🖥. 👉 Open source Application Performance Monitoring (APM) & Observability tool
https://signoz.io

disable user login with password after SSO is enabled #5137

Open prashant-shahi opened 1 month ago

prashant-shahi commented 1 month ago

Bug description

Even after SSO is configured and enabled, users who were already there, or those who are invited using email, can still bypass SSO login using a password.

Expected behavior

An option to enforce SSO login so that no user can log in using email and password.

How to reproduce

  1. Configure SSO in cloud SigNoz tenant or self-hosted enterprise
  2. Go to login page with password=Y query parameter: https://{SIGNOZ_URL}/login?password=Y
  3. Log in with email-password credentials

Version information

Additional context

An additional option in the SAML settings to enforce SSO login could be added.

We have login with password=Y in place so that, in case of any SSO misconfiguration, users can still log in.
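The following Go snippet is an added example, not SigNoz's own code, sketching the server-side check the issue asks for. The names `LoginPolicy`, `EnforceSSO`, `PasswordLoginAllowed` and `RequirePolicy`, and the `/api/v1/login` path used in the comments, are assumptions made for illustration. The point it demonstrates is that the `password=Y` query parameter from the issue is client-controlled and can only act as a hint: whether a password login may proceed at all must be decided on the server from the tenant's SSO settings, and an "enforce SSO" flag must refuse password logins regardless of any query parameter.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// LoginPolicy is a hypothetical representation of a tenant's SSO settings
// (illustration only, not SigNoz's configuration struct).
type LoginPolicy struct {
	SSOEnabled bool // SSO (e.g. SAML) is configured and turned on
	EnforceSSO bool // the requested option: disable password login entirely
}

// PasswordLoginDecision records the outcome and the reason, so the refusal
// can be logged and audited rather than silently dropped.
type PasswordLoginDecision struct {
	Allowed bool
	Reason  string
}

// PasswordLoginAllowed decides server-side whether a password login may proceed.
// The query string is treated as a request, never as authorization: password=Y
// only opens the break-glass path the issue describes, and only while
// EnforceSSO is off.
func PasswordLoginAllowed(p LoginPolicy, query url.Values) PasswordLoginDecision {
	switch {
	case !p.SSOEnabled:
		return PasswordLoginDecision{true, "sso not configured; password login is the only method"}
	case p.EnforceSSO:
		return PasswordLoginDecision{false, "sso enforced; password login disabled regardless of query parameters"}
	case query.Get("password") == "Y":
		return PasswordLoginDecision{true, "sso enabled but not enforced; break-glass password login via password=Y"}
	default:
		return PasswordLoginDecision{false, "sso enabled; use the SSO login flow"}
	}
}

// RequirePolicy wraps the password-login handler (assumed to live at a path such
// as /api/v1/login) so the policy is evaluated for every request, independently
// of what the login page chooses to display.
func RequirePolicy(p LoginPolicy, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		d := PasswordLoginAllowed(p, r.URL.Query())
		if !d.Allowed {
			// 403 rather than 401: the credentials are irrelevant when the method is disabled.
			http.Error(w, "password login disabled: "+d.Reason, http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed policies covering the three states discussed in the issue.
	cases := []struct {
		name string
		pol  LoginPolicy
	}{
		{"no-sso", LoginPolicy{}},
		{"sso", LoginPolicy{SSOEnabled: true}},
		{"sso-enforce", LoginPolicy{SSOEnabled: true, EnforceSSO: true}},
	}
	for _, c := range cases {
		for _, q := range []string{"", "password=Y"} {
			v, _ := url.ParseQuery(q)
			d := PasswordLoginAllowed(c.pol, v)
			fmt.Printf("%-12s ?%-12q allowed=%-5t %s\n", c.name, q, d.Allowed, d.Reason)
		}
	}
}
```

Keeping the decision in one function makes the enforced state easy to test and audit: with `EnforceSSO` set, neither the bare login route nor the `password=Y` variant reaches the credential check, while the break-glass behaviour the maintainers describe is preserved for tenants that have SSO enabled but not enforced.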

welcome[bot] commented 1 month ago

Thanks for opening this issue. A team member should give feedback soon. In the meantime, feel free to check out the contributing guidelines.

prashant-shahi commented 1 week ago

Current behaviour when SSO is enabled: