Provide account activation configuration options for federated logins
- Their account is active at their "home" cluster, and
- "Auto-activate new users" is enabled on the local cluster.
Otherwise, the user lands in an inactive account.Options:
- auto activate federated remote accounts
- allow specific approval and activation of remote accounts (??? does this mean current behavior?)
- Auto activate: list of cluster ids for which it honors the "is_active" flag (current behavior is to ignore the is_active flag and use the local cluster's autoactivate policy)
#15 Updated by Peter Amstutz over 3 years ago
13255-account-activation @ 0bcbbb13f9e278347e500fa344ee600891a9bcb8
#16 Updated by Peter Amstutz over 3 years ago
13255-account-activation @ ebb7681e5cf4bc2825e8786ecda895e219158703
#18 Updated by Peter Amstutz over 3 years ago
Lucas Di Pentima wrote:
Very clear documentation! I would add a test to check for the negative case (users from non trusted clusters aren't auto-activated), is that implicitly proved on preexisting tests?
Yes that's covered already, I added a check to an existing test that is_active is false:
Apart from that, LGTM.