Artur
opened 11 months ago
-
In latest OneDev version, user authenticated via external authenticator is not allowed to change password. So this will not a problem.
-
Indeed, I can see, that for external accounts now, there is no option to change password. Thank you.
-
Previous Value Current Value Open
Closed
| Type |
Question
|
| Priority |
Normal
|
| Assignee | |
| Labels |
No labels
|
Issue Votes (0)
Watchers (2)
Hi,
Is it possible to enforce external auth for certain domains or users?
Right now, it seems that an external authenticated user can change/set his password in OneDev to switch to 'internal' authentication. And this is a problem. Because we have our employees and other team members managed centrally from our Tygrys systems. If someone leaves our company or our team, we disable his account in our central system, so he no longer has access and permission to access all the non-public projects and code.
However, if the user, in the meantime set his password in OneDev, is switched to internal authentication and disabling his account in out external system simply does not work. The user can still login to OneDev and access all the internal information. This can easily be unnoticed for some time.
Therefore, having something like enforced 'external only' auth for certain domains would be highly required.