Don't make external Identity Provider the default for ALL resources #2832
TheD3vilsAdvocate started this conversation in Feature Requests
Replies: 0 comments
Summary
When I set authentik as an identity provider in Pangolin it becomes the de facto standard login for every public resource no matter what I select.
Meaning: users will always be allowed to log in via authentik even if the default authentication for a singular resource is set to "none". If I open such a resource in my browser, Pangolin's login window will appear but the authentik login button will always be there as well, thus granting the user access via Pangolin.
In order to increase security I'd like to force Pangolin's SSO for some resources but not for others.
Motivation
Security. This would allow me to force double-SSO (Pangolin + authentik) for some resources. This would be helpful in case there is a vulnerability in either authentik or Pangolin.
Proposed Solution
- Let the user choose between third-party SSO and Pangolin's SSO on a per-resource basis
Alternatives Considered
No response
Additional Context
No response