Everything posted by Fabio

  1. Hi there, is there some way I can customize the text on the landing page? I would like to point out to users that they first need to enroll their accounts on the /enroll page before they use the reset portal. Thanks
  2. In this video: https://www.youtube.com/watch?v=eO7SXOQlxrc you are able to set a user account policy to use SAML2 as an authentication option, like the screenshot below. However, I can't see that option at all in my Passwordstate installation. If this would work it would also solve my issue. Maybe this is no longer available in the latest versions of Passwordstate? I am running V9.3 (Build 9350)
  3. Yes, I did. However, your solution does not solve the issue we have. I was wondering if someone in the forum community would have had any experience with this kind of setup; long shot, but worth a try. I have also been reading about a way to forward the headers to the backend, but since I don't know how Passwordstate gets those IPs I am not sure what's the best way to do it. For now I have enabled the temporary PIN through email as the system-wide authentication method, and Google Authenticator for the external users. It would be great if Passwordstate had a "Sign in with Microsoft" button for SAML authentication, as so many other platforms and websites do.
  4. I have a question regarding using multiple forms of authentication for different sets of users. Here’s my scenario: We are hosting Passwordstate on 2 Azure VMs with high availability, behind an application gateway which has those VMs as backends. This works fine and without any issues. We have 2 sets of users: company users, who are supposed to use SAML2 as authentication, and another set of external users whose accounts are only present in our AD and not synchronized with our Azure AD, and who cannot use SAML. For these users I want to enable the Manual AD with Google Authenticator. I have created a “User Account Policy” for that group of users and specified the authentication method for them. The challenge: I have set the system-wide authentication method to SAML2, and since Passwordstate automatically forwards anyone coming to the portal to the IdP, it does not allow the external users to use AD to authenticate. After some digging I found that I could whitelist the IP ranges of our company users, and force any IP outside of the specified ranges to use Manual AD with Google Authenticator. However, since Passwordstate is sitting behind my Application Gateway, all the requests that the web servers see are coming from that application gateway, making it impossible to filter the IP addresses correctly. This could be fixed by just adding an SSO button on the authentication page, instead of automatically forwarding to the IdP. Is there some other way that we can get around this?