Skip to main content
Docs
Feature Requests Onboarding Trust Center Status Page

Community

Other: Force the use of SSO for logins

Not planned
Alastair Bulloch User

Hello,

I manage our Fivetran account and would like as many as users to use SSO as possible (due to security).

I'm aware that it's good practice to ensure that at least one account has a long and complex password instead of SSO, in case that the SSO mechanism fails for some reason. However, in all other cases I'd like my users to use SSO.

Options to improve the current situation might include:

- Add a "Use SSO" button on Fivetran log in page

- Add ability for account owner to force specific users to use SSO instead of a user name and password

- Add ability for account owner to clear a users' password

Many thanks,

Alastair

 

Please sign in to leave a comment.

Comments

8 comments

Date Votes
  • Official comment
    Amy Peterson Fivetranner

    Hi Alastair Bulloch and Jack C, thanks for the feedback. It sounds like you may already be aware that we DO allow account admins to force SSO for all users. That can be handled in the account settings here: 

     

    To confirm I understand, you are asking for more configurability around this, so that you can have at least one account that can use a password in case of an issue with SSO? 

    Thanks!

    Amy

  • Jack C User

    Alastair Bulloch - did you find a solution to this? Looking for the same type of requirement to force SSO and unset/deactivate password login for all users (expect perhaps a master break glass account in case SSO fails).

  • Alastair Bulloch User

    Not yet, unfortunately.

  • Jack Caesar User

    Amy Peterson - thanks, I had missed that setting.

    I assume that this won't restrict authentication via API using the API Key and Secret for any scripted tooling we use?

    Being able to override at a user or role level ( eg having a Super Admin or something) would be nice, but as long as there is a way to get back in if the SSO fails, such as getting in touch via email with Fivetran support then this should meet my needs.

    Cant speak for Alastair Bulloch however.

     

    Many thanks for the follow up!

  • Amy Peterson Fivetranner

    Jack Caesar that's right-- use of the API would be separate. Thanks again for the feedback!

  • Alastair Bulloch User

    Hi Amy,

    Yes - you've understood it correctly: I can have all accounts use SAML but this isn't best practice I don't think. At least one account should be able to have a regular password in case SAML fails but the admin should also be able to force all other accounts to have SAML. This gives best of both worlds.

    Thanks

    A

  • Amy Peterson Fivetranner

    Thanks for confirming Alastair Bulloch! This isn't currently on our roadmap to support, but we will keep it in mind for future enhancements to SSO/SAML.

  • Yaakov Bressler User

    This is indeed similar to my feature request here: Restrict login authorization to SAML (SSO) except for a single super-user