Is this vulnerability fixed? Active Directory SSO Disabled for 8.1.17 & 7.9.20 – Inductive Automation Help Center
No.
What is the recommended way to handle logins for large companies that use SSO for everything else ?
Identity Providers provide SSO and they seem to be the future at most large/enterprise companies we work with.
We use Azure SAML SSO
Will there be a way to provide a local usersource as failover or a selectable alternative in the event of a internet outage and Azure/Okta/whatever isn't available?
Implementing a local IdP like Keycloak would provide this. Keycloak can be configured to support an external IdP (Azure / Okta / Duo) as well as one hosted by Keycloak itself.
1 Like
There are external ways to handle this by utilizing an IDP that can broker IDPs, like Keycloak.
1 Like
Sure, but it'd be really nice to not have to create another highly available system to proxy sso requests at each of our sites. Especially since Ignition has a local user database already integrated. It could do something like what Proxmox does:
Where you can just select which of the available login sources you want to use.
What I'd personally like to see with the built-in IdP is MFA using TOTP codes. (Could do it with email, but I'm not a fan of using email/SMS for MFA)
This is very interesting, thank you. It does introduce some complexity to the infrastructure due to the additional dependency. It would have been great if Ignition included this functionality by default.
Btw, adding Kerberos as IdP could be the solution since it happens on premise.
On the contrary, I like that IA leaves standardized behaviors to standardized implementations.
1 Like