search

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0
16.93k stars 1.7k forks source link

Add the "device/enroll" to default roles #43127

Open codingllama opened 1 week ago

codingllama commented 1 week ago

What would you like Teleport to do?

Let users enroll their own devices by default.

There a few different ways this could go:

  1. Exempt users of having device/enroll if auto-enrollment is enabled (like we do for device token creation)
  2. Add the device/enroll to default roles

What problem does this solve?

Since #29606 Teleport effectively expects users to enroll their own devices, but that isn't a permission granted by default.

If a workaround exists, please include it.

Edit the user's roles to include device/enroll, as desired.