Open M0ustach3 opened 4 months ago
budachst
commented
3 months ago Nice feature, but you'd still have to fetch the SSH keys for that account as well. SSHPortal, which we used before, utilized a kind of "invitation" scheme for that. It would send a mail message to the new user and provide a special SSH user token. Once the new account connected via SSH to the portal, the public ssh key would be stored for that user account.
M0ustach3
commented
2 months ago Hi,
Apologies for the late answer, been busy lately.
The idea I had in mind was to leverage Warpgate's ability to NOT require additional client-side software to generate dynamically an SSH certificate if the SSO request was granted. (I'm using Vault to generate SSH certificates) That way, there would be no need to store public keys anywhere, as the certificate would be injected into the backend SSH connection.
This would enable the dynamic creation of short-lived SSH certificates, thus greatly enhancing security in a corporate-wide context.
Cheers,
Hi,
I wonder If It would be possible to auto-create users when they first login via an SSO provider ? I'm currently using a custom one, but it should not matter much.
This would allow dynamic user creation, thus avoiding manual account creation and manual linking to SSO email.
What do you guys think ?
Cheers