List view
- No due date•1/6 issues closed
- No due date•0/6 issues closed
Customers with enterprise SSO will be able to: - Require SSO login (phase 4) — a per-tenant setting that rejects Google/GitHub social logins. Existing non-SSO users are redirected to the IdP on their next login, and their old grants are reapplied to the new account. Grants are removed from the old account and refresh tokens are revoked - these users will have to get a new token for flowctl when their current access token expires (max 1hr). - Invite users via link with automatic SSO routing (phase 5) — invite links will continue to be our mechanism for granting access to prefixes, but when the user clicks the link, they're automatically redirected to their org's SSO flow instead of our generic login screen. - Automatically revoke access when a user is removed from their corporate IdP (phase 6) — via a minimal SCIM integration, when an IT admin deactivates a user in their IdP, that user's grants are immediately removed. Existing CLI tokens will still be valid but have no access rights.
No due date•2/5 issues closed