Closed ThomasK33 closed 2 years ago
We have considered that and decided against it. In order to enable OIDC or SAML integration, we actually perform a browser redirect to verify the new settings, to prevent you getting locked out of your account. This needs to happen synchronously, so it's not a good fit for automation.
Hey,
Have you considered adding OIDC and SAML resources for configuring and managing Single Sign-Ons?
We have a Terraform stack provisioning an Enterprise Application in Azure AD and generating corresponding OIDC credentials, and would love to integrate that into Spacelift.
As of now, one has to run the Azure AD Terraform stack and is then forced to manually copy over the client id and secret into the web UI or directly interact with the GraphQL API.
Dedicated Spacelift resources would enable a self-rotating OIDC credentials setup, reducing the risks of accidentally forgetting to rotate and locking oneself out.