Force SSO Reauthentication on Login #30844
Labels
feature-request
Used for new features in Teleport, improvements to current should be #enhancements
Comments
djohns7
added
the
feature-request
|
I thought we just fixed this? See #29815 and gravitational/teleport.e#1915. |
|
@zmb3 This hasn't been backported so will only come out with v14, right? |
|
That's a question for @r0mant and @capnspacehook |
|
@capnspacehook Is this easy to backport to 13? |
|
Probably, will do that now |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like Teleport to do?
Add functionality to force SSO users to reauthenticate when logging into Teleport. In SAML, we could do this by implementing the ForceAuthn parameter. In OIDC, we could use prompt-login or max_age parameters.
What problem does this solve?
Currently, when using SSO to login to Teleport, we check for a valid SSO session, and if one is present which is valid for Teleport usage, we allow the login automatically. A customer has requested that we force reauthentication into the SSO provider using the above parameters, given that Teleport has access to sensitive information.
If a workaround exists, please include it.
The text was updated successfully, but these errors were encountered: