Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatically remove users in Fleet when they're removed in my IdP #22350

Open
15 tasks
noahtalerman opened this issue Sep 24, 2024 · 2 comments
Open
15 tasks

Automatically remove users in Fleet when they're removed in my IdP #22350

noahtalerman opened this issue Sep 24, 2024 · 2 comments
Assignees
@rachaelshaw
Labels
~customer promise A feature request from a Fleet customer that Fleet has contractually agreed to deliver customer-rosner customer-sarahwu #g-orchestration Orchestration product group :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature

Comments

@noahtalerman
Copy link
Member

noahtalerman commented Sep 24, 2024
edited
Loading

Goal

User story
As a security engineer, who noticed that the IT team got Fleet or is expanding its use,
I want automatic user deletion/creation so that when someone w/ an account in Fleet leaves/joins and we remove/add them in Okta
so that there’s not a dangling Fleet admin account (JIT, SCIM).

Context

Original request: #15671

Changes

Product

  • UI changes: TODO
  • CLI (fleetctl) usage changes: TODO
  • YAML changes: TODO
  • REST API changes: TODO
  • Fleet's agent (fleetd) changes: TODO
  • Activity changes: TODO
  • Permissions changes: TODO
  • Changes to paid features or tiers: TODO
  • Other reference documentation changes: TODO
  • Once shipped, requester has been notified

Engineering

  • Feature guide changes: TODO
  • Database schema migrations: TODO
  • Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires load testing: TODO
  • Risk level: Low / High TODO
  • Risk description: TODO

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. QA (@____): Added comment to user story confirming successful completion of QA.
@noahtalerman noahtalerman added story A user story defining an entire feature :product Product Design department (shows up on 🦢 Drafting board) #g-endpoint-ops Endpoint ops product group labels Sep 24, 2024
@noahtalerman noahtalerman mentioned this issue Sep 24, 2024
Open
@noahtalerman
Copy link
Member Author

Hey @randy-fleet I peeled this user story off the the customer request here and assigned you, and added it to the current design sprint.

I don't know yet if there's much new UI to design here. I'm hoping we can use the existing fields and checkbox we already have on the Settings > Organization settings > SSO page:

Screenshot 2024-09-24 at 1 55 25 PM

I think the first task is documenting what the user journey/flow looks like for setting this up w/ Okta/Google Workspace and other third-party apps.

This will help us understand what we have to design/build in Fleet.

@noahtalerman noahtalerman added the ~feature fest Will be reviewed at next Feature Fest label Oct 3, 2024
@noahtalerman noahtalerman removed their assignment Oct 3, 2024
@noahtalerman noahtalerman removed the :product Product Design department (shows up on 🦢 Drafting board) label Oct 3, 2024
@noahtalerman
Copy link
Member Author

Hey @zayhanlon, we didn't get to this user story during the 3-week design sprint. Removing it from the drafting board and adding it to feature fest.

@iansltx iansltx mentioned this issue Oct 31, 2024
Merged
3 tasks
@noahtalerman noahtalerman removed the ~feature fest Will be reviewed at next Feature Fest label Oct 31, 2024
@noahtalerman noahtalerman changed the title Automatically add/remove users in Fleet when they're added/removed in my IdP Automatically remove users in Fleet when they're removed in my IdP Nov 14, 2024
@noahtalerman noahtalerman added Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. ~customer promise A feature request from a Fleet customer that Fleet has contractually agreed to deliver and removed Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. labels Nov 14, 2024
@noahtalerman noahtalerman added ~feature fest Will be reviewed at next Feature Fest and removed ~feature fest Will be reviewed at next Feature Fest labels Dec 5, 2024
@noahtalerman noahtalerman added :product Product Design department (shows up on 🦢 Drafting board) #g-orchestration Orchestration product group and removed #g-endpoint-ops Endpoint ops product group labels Dec 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rachaelshaw rachaelshaw

Labels
~customer promise A feature request from a Fleet customer that Fleet has contractually agreed to deliver customer-rosner customer-sarahwu #g-orchestration Orchestration product group :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rachaelshaw @allenhouchins @noahtalerman @randy-fleet