6 results found
-
API Tokens for Organizations
As a customer, I want to create API Tokens which are not attached to a real user, so that I can enforce the usage of SAML for the whole Organization. Using tokens from a real user usually means that the token has more access than desirable for example monitoring can be done with read-only permissions.
47 votesApplication users are generally available in Aiven
Application users are a special type of user that super admin can create to use for programmatic access to Aiven through the API, Terraform, Kubernetes, or other applications. They make it easier to audit and manage access to your Aiven resources for applications.
These users are centrally managed by organization super admin, who now have full visibility into how their organization’s resources are programmatically accessed on the Aiven platform. The application user tokens also add another level of security. Super admin can restrict users from creating personal tokens, ensuring that only approved applications access the Aiven API with application user tokens. This also makes it easier for super admin to regularly rotate tokens according to your organization’s security policies.
Find out more about using application users to securely manage access to the Aiven platform in the documentation.
-
Syncing Users and User Groups from Okta via SCIM
As an IT Administrator I want to automate the on and off-boarding of users and manage their lifecycle in Okta.
SCIM allows an IT Administrator to provision users and groups automatically to Aiven and keeps them in sync with the identity provider.
31 votesAiven now supports user provisioning from Okta via SCIM, streamlining user management and enhancing security. SCIM lets you sync users and groups between Okta and the Aiven platform. This centralization of user management can reduce errors, save time, and improve compliance.
-
Allow requiring 2FA Organization wide
As Organization administrator
I want to be able to require all users within an Organization to setup and use 2FA
so that I can secure my Organization and make it more difficult for malicious activities.20 votesI'm happy to share that it is now possible to enforce the usage of 2FA for your organization. Our latest enhancement for organization users lets you set an authentication policy for your organization. These policies control how users can access your organization on the Aiven platform: with a password, third-party authentication, or organization single sign-on (SSO).
For an added layer of security, you can also enforce two-factor authentication for password logins.
Read more about the authentication types and learn how to set an authentication policy in the documentation.
-
Ability to disable 3rd party authentication for the Organization
As an Organization Administrator, I want to disable 3rd party authentication methods such as Google or GitHub, so that I can keep my Organization secure.
11 votesI'm happy to share that it is now possible to disable 3rd party authentication for your organization. Our latest enhancement for organization users lets you set an authentication policy for your organization. These policies control how users can access your organization on the Aiven platform: with a password, third-party authentication, or organization single sign-on (SSO).
For an added layer of security, you can also enforce two-factor authentication for password logins.
Read more about the authentication types and learn how to set an authentication policy in the documentation.
-
SSO enabled domains
As a user of an SSO enabled domain
I would like to be prevented from creating an email account for that SSO domain
so that I can avoid an additional steps to link SSO accounts2 votesThanks for submitting this idea. Good news, this feature is already avalible and can be enabled by adding a domain https://aiven.io/docs/platform/howto/manage-domains and then linking the domain to your IdP https://aiven.io/docs/platform/howto/manage-domains.
-
Terraform User Group Membership
As a customer
I want to manage RBAC via Terraform (including assigning users as members of groups, and assigning roles to groups for our projects)
so that I can administer our roles fully in one place without needing to sign in to the portal.
This is currently blocked due to an issue relating to user invites (see https://github.com/aiven/terraform-provider-aiven/pull/1367#issuecomment-1765722571) - meaning in Terraform we can create users, and create groups, but we cannot assign users as group members (and no resource exists in the Aiven Terraform provider yet to allow us to assign project roles to groups, AFAIK).2 votes
- Don't see your idea?