Hey Guys,
Any plans to support SSO authentication options? We use Okta for a lot of our external applications to tie them back to AD, and we'd love to be able to use something like this with XI.
SSO Authentication?
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: SSO Authentication?
Hi Mike!
We've talked about adding some options for SSO, but don't have anything set in stone yet.
You could likely take a whack at creating your own via component similar to the old AD/LDAP method. Down-side would be you would still need to add all the users manually.
We've talked about adding some options for SSO, but don't have anything set in stone yet.
You could likely take a whack at creating your own via component similar to the old AD/LDAP method. Down-side would be you would still need to add all the users manually.
Re: SSO Authentication?
Has there been any update on this, as it looks like you were contemplating it over a year ago? Thanks!
-
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
- Contact:
Re: SSO Authentication?
There are no current plans for SSO. However, I would advise checking on the status in December. As far as I am aware, the features for XI 5.5 have not yet been decided and then of course here is XI 6.0. If a lot of people say they want this, then it may happen, but it does not seem to be in high demand.
-
- Posts: 34
- Joined: Thu Oct 13, 2016 8:25 am
- Location: Remote
Re: SSO Authentication?
Please consider this another request for SSO (SAML 2.0 preferred).
We have 25+ Nagios servers and having SSO would be an easier approach for our large and growing environment.
We have 25+ Nagios servers and having SSO would be an easier approach for our large and growing environment.
-
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
- Contact:
Re: SSO Authentication?
We have decided not to move forward with SAML per Feature Request 7684. We are still considering SSO options. I would suggest checking back in 2019 after XI 6.0 is out. If there are changes in the roadmap, you will find them at https://www.nagios.com/roadmaps/kevinmjacobsen wrote:(SAML 2.0 preferred).
Re: SSO Authentication?
What is the recommended SSO option for Nagios?
-
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
- Contact:
Re: SSO Authentication?
Active Directory/LDAP
Re: SSO Authentication?
This is unfortunate and disappointing. Enabling AD or LDAP for authentication is not SSO. While it is better than managing passwords independently, SSO allows you to authenticate once and then gain access to any SSO enabled application without entering your username/password again.
The University of Michigan developed a web SSO application nearly 20 years ago, more background on it at http://weblogin.org. Most cloud providers are supporting federated SSO using SAML2, but it's not much more difficult to integrate.
https://wiki.shibboleth.net/confluence/ ... pplication. Primarily, if Nagios just supported using the REMOTE_USER variable, it would be a big improvement. It would be great if it also supported AD/LDAP for authorization, i.e. allowing only specific users access and define their role based on their membership from directory groups.
Thanks and I hope Nagios reconsiders looking at integrating an improve SSO feature.
The University of Michigan developed a web SSO application nearly 20 years ago, more background on it at http://weblogin.org. Most cloud providers are supporting federated SSO using SAML2, but it's not much more difficult to integrate.
https://wiki.shibboleth.net/confluence/ ... pplication. Primarily, if Nagios just supported using the REMOTE_USER variable, it would be a big improvement. It would be great if it also supported AD/LDAP for authorization, i.e. allowing only specific users access and define their role based on their membership from directory groups.
Thanks and I hope Nagios reconsiders looking at integrating an improve SSO feature.
-
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
- Contact:
Re: SSO Authentication?
If you think this is something we could easily integrate into Core, I would suggest filing a feature request at https://github.com/NagiosEnterprises/na ... issues/new