Provide account activation configuration options for federated logins
- Their account is active at their "home" cluster, and
- "Auto-activate new users" is enabled on the local cluster.
Otherwise, the user lands in an inactive account.Options:
- auto activate federated remote accounts
- allow specific approval and activation of remote accounts (??? does this mean current behavior?)
- Auto activate: list of cluster ids for which it honors the "is_active" flag (current behavior is to ignore the is_active flag and use the local cluster's autoactivate policy)
Updated by Peter Amstutz over 4 years ago
Lucas Di Pentima wrote:
Very clear documentation! I would add a test to check for the negative case (users from non trusted clusters aren't auto-activated), is that implicitly proved on preexisting tests?
Yes that's covered already, I added a check to an existing test that is_active is false:
Apart from that, LGTM.