Skip to main content

Community

Other: Force the use of SSO for logins

Not planned

Please sign in to leave a comment.

Comments

8 comments

  • Official comment

    Hi Alastair Bulloch and Jack C, thanks for the feedback. It sounds like you may already be aware that we DO allow account admins to force SSO for all users. That can be handled in the account settings here: 

     

    To confirm I understand, you are asking for more configurability around this, so that you can have at least one account that can use a password in case of an issue with SSO? 

    Thanks!

    Amy

    Alastair Bulloch - did you find a solution to this? Looking for the same type of requirement to force SSO and unset/deactivate password login for all users (expect perhaps a master break glass account in case SSO fails).

    Not yet, unfortunately.

    Amy Peterson - thanks, I had missed that setting.

    I assume that this won't restrict authentication via API using the API Key and Secret for any scripted tooling we use?

    Being able to override at a user or role level ( eg having a Super Admin or something) would be nice, but as long as there is a way to get back in if the SSO fails, such as getting in touch via email with Fivetran support then this should meet my needs.

    Cant speak for Alastair Bulloch however.

     

    Many thanks for the follow up!

    Jack Caesar that's right-- use of the API would be separate. Thanks again for the feedback!

    Hi Amy,

    Yes - you've understood it correctly: I can have all accounts use SAML but this isn't best practice I don't think. At least one account should be able to have a regular password in case SAML fails but the admin should also be able to force all other accounts to have SAML. This gives best of both worlds.

    Thanks

    A

    Thanks for confirming Alastair Bulloch! This isn't currently on our roadmap to support, but we will keep it in mind for future enhancements to SSO/SAML.

    This is indeed similar to my feature request here: Restrict login authorization to SAML (SSO) except for a single super-user

Didn’t find what you need?

Contact support