gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0
17.34k stars 1.74k forks

Provide labeling to allow controlling which roles have access to SPs with SAML-IDp #37694

Open stevenGravy opened 7 months ago

stevenGravy commented 7 months ago

What would you like Teleport to do?

Allow labeling SPs registered with SAML IdP to allow or deny access by role.

What problem does this solve?

Most IdPs allow limiting by the user, role or group which services through an IdP a user can access. This would provide that so only the appropriate audience can attempt to access an SP.

If a workaround exists, please include it.

If the SP is served by Teleport through app access that can limit access.

flyinghermit commented 3 weeks ago

Update - this is in progress and tracked in https://github.com/gravitational/teleport.e/issues/4723