Open Fwang36 opened 3 months ago
Assigning to @getsentry/support for routing ⏲️
Routing to @getsentry/product-owners-sign-in for triage ⏲️
Fair feedback. We'll try to address this when we rework auth.
The current workaround is for the user to go through the password recovery flow.
Problem Statement
When implementing SSO to an org, if the user assigned to the SSO provider already has a Sentry account, we prompt the user to confirm their account by providing the username and password of the account, after which we link their existing Sentry account with their SSO identity. We do not require a user to create a password when the account is created via SSO. This leads to situations where many Sentry accounts do not have passwords and are therefore unable to confirm their account by providing a username and password.
For example, if an org were to migrate to a new SSO provider, users who already have Sentry accounts would need to link to a new identity. If they've only signed in via SSO, they would not have a username and password, and would get stuck at the link identity page where they are confused by what password to provide when their account has none.
Example Prompt -
Solution Brainstorm
Can we remove that prompt altogether? If we don't require a password for an account created via SSO sign in, do we need to require a password when we link the identity to a new SSO?
Or is just an email confirmation enough?
For now, can we add some messaging to the prompt for users that do not have a password, that they can create a password through the account recovery flow? The prompt currently assumes all users have a username and password, but that's not the case.
Product Area
Sign In