17 results found
-
API Tokens for Organizations
As a customer, I want to create API Tokens which are not attached to a real user, so that I can enforce the usage of SAML for the whole Organization. Using tokens from a real user usually means that the token has more access than desirable for example monitoring can be done with read-only permissions.
47 votes -
Syncing Users and User Groups from Okta via SCIM
As an IT Administrator I want to automate the on and off-boarding of users and manage their lifecycle in Okta.
SCIM allows an IT Administrator to provision users and groups automatically to Aiven and keeps them in sync with the identity provider.
31 votes -
Granular Roles and Permissions
As an Organization administrator
I want to be able to create and define my own roles
so that I can specify as granular as possible what users with that roles can or can not do.For example:
- I want to create a new role dedicated to manage and view only billing related information which is used for members of the finance department.
- I want to create a new role dedicated to manage users and groups which is used by members of the IT department.28 votes -
Syncing Users and User Groups from Azure AD via SCIM
As an IT Administrator I want to automate the on and off-boarding of users and manage their lifecycle in Azure AD.
SCIM allows an IT Administrator to provision users and groups automatically to Aiven and keeps them in sync with the identity provider.
22 votes -
Syncing Users and User Groups from Google Workspace via SCIM
As an IT Administrator I want to automate the on and off-boarding of users and manage their lifecycle in Google Workspace.
SCIM allows an IT Administrator to provision users and groups automatically to Aiven and keeps them in sync with the identity provider.
14 votes -
SAML Certificate Expiry
As an Aiven Administrator
I want to have an automated way to know when a user's ssl certificates enter their expiration grace period (last 3 months)
so that I can update the values stored in, say, AWS SecretsManager
A simple method would be to provide an api that shows the expiration dates for each user (as per the data file available to the Console) so that I could poll once per month, say, and update any certificates in the grace period and use the current acknowledgement api to complete the task.11 votes -
Break Glass Account
As an Organization Administrator, I want the possibility to bypass normal authentication and access procedures, so that I can restore access in an emergency situation for example when SAML authentication fails.
9 votes -
Set users/teams/groups at Org unit level
As an administrator of the Aiven Console
I want to associate users, teams(/groups) at the Org Unit level
so that I can have different units within my business control their own infrastructure, projects, services etc.
In addition, projects created within the Org Units would inherit the same user and group permissions by default6 votes -
Disable self-service password reset for users in my verified domain
As an Aiven customer with a verified domain, and therefore the ability to reset my users' credentials, I would like to be able to disable self-service password reset for my users. This is to support internal policies that users' passwords can only be reset by our helpdesk.
3 votes -
SSO enabled domains
As a user of an SSO enabled domain
I would like to be prevented from creating an email account for that SSO domain
so that I can avoid an additional steps to link SSO accounts2 votes -
U2F support
As an Aiven user, I would like to be able to enable 2FA with U2F tokens such as a Yubikey or a Titan Security Key. This is more convenient to use and more secure than the TOTP token option currently offered.
2 votes -
Passkey support
As an Aiven user, I would like to be able to authenticate to the platform with passkeys (i.e. webauthn). This is more convenient and secure than a password. Ideally, I would be able to remove password authentication from my account if I enable or sign up with a passkey.
2 votes -
Allow multiple 2FA devices
As a user with multiple devices, I would like to be able to add additional 2FA devices to my authentication profile. Currently, if I want to add a new device, I have to disable 2FA, and then enable it again on every device with the new token key, and re-issue my tokens.
2 votes -
Restrict user sign-in domains to my verified domains
As an Aiven customer with a verified domain, I would like the option to restrict the list of domain names in the email addresses users can use to sign into my account. Particularly, I'd like to prevent users from domains I don't control from being invited to my account. Ideally, I could specify a list of allowed email domains, or at least restrict sign-in to my verified domains. Users with email addresses with domain names not in the list should be denied access.
2 votes -
2FA Recovery Codes
As an Aiven user depending on platform authentication and using 2FA to improve account security, I would prefer to be able to reset 2FA by the use of recovery codes; simultaneously, I would prefer that resetting my password via email password reset not clear my 2FA settings.
2 votes -
Terraform User Group Membership
As a customer
I want to manage RBAC via Terraform (including assigning users as members of groups, and assigning roles to groups for our projects)
so that I can administer our roles fully in one place without needing to sign in to the portal.
This is currently blocked due to an issue relating to user invites (see https://github.com/aiven/terraform-provider-aiven/pull/1367#issuecomment-1765722571) - meaning in Terraform we can create users, and create groups, but we cannot assign users as group members (and no resource exists in the Aiven Terraform provider yet to allow us to assign project roles to groups, AFAIK).2 votes -
Syncing Users and User Groups from OneLogin via SCIM
As an IT Administrator I want to automate the on and off-boarding of users and manage their lifecycle in OneLogin.
SCIM allows an IT Administrator to provision users and groups automatically to Aiven and keeps them in sync with the identity provider.
2 votes
- Don't see your idea?