15 results found
-
Granular Roles and Permissions
As an Organization administrator
I want to be able to create and define my own roles
so that I can specify as granular as possible what users with that roles can or can not do.For example:
- I want to create a new role dedicated to manage and view only billing related information which is used for members of the finance department.
- I want to create a new role dedicated to manage users and groups which is used by members of the IT department.34 votes -
Syncing Users and User Groups from Azure AD via SCIM
As an IT Administrator I want to automate the on and off-boarding of users and manage their lifecycle in Azure AD.
SCIM allows an IT Administrator to provision users and groups automatically to Aiven and keeps them in sync with the identity provider.
28 votes -
Syncing Users and User Groups from Google Workspace via SCIM
As an IT Administrator I want to automate the on and off-boarding of users and manage their lifecycle in Google Workspace.
SCIM allows an IT Administrator to provision users and groups automatically to Aiven and keeps them in sync with the identity provider.
14 votes -
SAML Certificate Expiry
As an Aiven Administrator
I want to have an automated way to know when a user's ssl certificates enter their expiration grace period (last 3 months)
so that I can update the values stored in, say, AWS SecretsManager
A simple method would be to provide an api that shows the expiration dates for each user (as per the data file available to the Console) so that I could poll once per month, say, and update any certificates in the grace period and use the current acknowledgement api to complete the task.11 votes -
Break Glass Account
As an Organization Administrator, I want the possibility to bypass normal authentication and access procedures, so that I can restore access in an emergency situation for example when SAML authentication fails.
9 votes -
Set users/teams/groups at Org unit level
As an administrator of the Aiven Console
I want to associate users, teams(/groups) at the Org Unit level
so that I can have different units within my business control their own infrastructure, projects, services etc.
In addition, projects created within the Org Units would inherit the same user and group permissions by default7 votes -
Disable self-service password reset for users in my verified domain
As an Aiven customer with a verified domain, and therefore the ability to reset my users' credentials, I would like to be able to disable self-service password reset for my users. This is to support internal policies that users' passwords can only be reset by our helpdesk.
3 votes -
Cross Service User Sharing
As a DR practice, we have multi region Kafka services with Mirror maker. But in case of Disaster in one region, The apps should be able to resolve to other region seamlessly. But as the user credentials being are being different for both the kafka regional services which is leading delta in configuration. I know through TF we can create custom password, but for in case of TLS based authentication I dont see a way to either replicate or create custom Certs which can be ideal in case of any DR practice
2 votes -
add
As a Platform Engineer
I want this ability to create application users on project level rather than organization level, so that i can avoid them to be part of other projects. In addition, i want to restrict them to a project in such a way that they cannot be added to other projects.2 votes -
U2F support
As an Aiven user, I would like to be able to enable 2FA with U2F tokens such as a Yubikey or a Titan Security Key. This is more convenient to use and more secure than the TOTP token option currently offered.
2 votes -
Passkey support
As an Aiven user, I would like to be able to authenticate to the platform with passkeys (i.e. webauthn). This is more convenient and secure than a password. Ideally, I would be able to remove password authentication from my account if I enable or sign up with a passkey.
2 votes -
Allow multiple 2FA devices
As a user with multiple devices, I would like to be able to add additional 2FA devices to my authentication profile. Currently, if I want to add a new device, I have to disable 2FA, and then enable it again on every device with the new token key, and re-issue my tokens.
2 votes -
Restrict user sign-in domains to my verified domains
As an Aiven customer with a verified domain, I would like the option to restrict the list of domain names in the email addresses users can use to sign into my account. Particularly, I'd like to prevent users from domains I don't control from being invited to my account. Ideally, I could specify a list of allowed email domains, or at least restrict sign-in to my verified domains. Users with email addresses with domain names not in the list should be denied access.
2 votes -
2FA Recovery Codes
As an Aiven user depending on platform authentication and using 2FA to improve account security, I would prefer to be able to reset 2FA by the use of recovery codes; simultaneously, I would prefer that resetting my password via email password reset not clear my 2FA settings.
2 votes -
Syncing Users and User Groups from OneLogin via SCIM
As an IT Administrator I want to automate the on and off-boarding of users and manage their lifecycle in OneLogin.
SCIM allows an IT Administrator to provision users and groups automatically to Aiven and keeps them in sync with the identity provider.
2 votes
- Don't see your idea?