Self service SSO configuration
complete
M
Maria Lepp
Allow customers to configure and manage SSO directly in Port UI without requiring support or customer success assistance.
Proposed Solution:
Introduce a self-service SSO feature that enables Port administrators to configure and manage SSO directly in Port UI without requiring support or customer success assistance.
This feature should include native support for major providers like AzureAD and Okta, ability to test it before enforcing, and ability to apply additional provisioning like SCIM.
Naama Ben Oliel Ronen
marked this post as
complete
We’ll start rolling out Self Service SSO in the next few days!
With this feature, you can create and manage your SSO connection, edit existing SSO connections, and control related access settings, including:
- Blocking domains from social login.
- Updating the maximum session timeout.
- Setting group allowlists and blocklists.
- And more.
The feature will be available in the Organizational Settings under a new SSO tab. To access this tab, you’ll need the Company Admin role.
Naama Ben Oliel Ronen
marked this post as
in progress
M
Mike Lekar
Naama Ben Oliel Ronen
Can you share the link of the whole feature?
I hope group Mapping is included
Naama Ben Oliel Ronen
Hi Mike Lekar , this feature will let you set up an SSO connection with any IdP and protocol. It will also make it easy to configure allowlist and blocklist groups, including a regex playground, block specific domains from social login, and even update your existing SSO connection, for example updating certificates, domains, and more. SCIM is managed in a separate product that will be launching soon. Hope this answers your question.
M
Mike Lekar
Naama Ben Oliel Ronen
Current SSO is missing group mapping, when we log in to the system using SSO, an attribute with name for example "groups" is used during SAML assertion payload that list all the security groups the user is attached to, and what group mapping can do (similar to Datadog), is I can map a security grouop from that attribute to a role in Port without managing the roles per user in Port UI. or attach a security group to a team so that team can have roles. SCIM is another process that is nice to have though.
Naama Ben Oliel Ronen
marked this post as
planned