Cumulocity IoT Feedback Portal
Status Unlikely to support
Created by Saif Hassan
Created on Sep 12, 2024

Ability to Manage SSO Users Directly in Cumulocity administration

We have users registered to our tenants using Single Sign-On (SSO). When selecting a user from the administration panel, a warning appears indicating that the user is managed by the identity provider. As a result, we are unable to disable or make changes to these SSO users directly within Cumulocity.

The current integration with the identity provider restricts administrative actions on SSO users within Cumulocity. Specifically, it prevents us from disabling or modifying SSO users through the Cumulocity platform, which is needed for effective user management and support.

Desired Outcome:

We would like the ability to manage SSO users more effectively within Cumulocity. Specifically, having a workaround or feature that allows administrators to disable or make necessary changes to SSO users directly from the platform would greatly enhance our user management capabilities. This feature should account for the fact that while the identity provider manages user authentication, it does not influence user permissions or administrative functions within Cumulocity.

  • Saif Hassan
    Sep 18, 2024

    Thanks, Jane. That makes sense on the IAM side. I still believe that the option to disable users is a valid use case and should be available for SSO users. If I make my tenant fully SSO-enabled, I would only have the option to remove users, which I want to avoid, as it would result in losing their assigned roles. Disabling SSO users temporarily is a valid option.

  • Admin
    Jane Porter
    Sep 16, 2024

    Hi Saif,

    Thank you for raising this Insight. By design, when managing a user with an IAM, that is where the management and access configuration is done - it would be somewhat chaotic to have a user managed in 2 different systems. For authorization, further granularity can be applied using roles based on the access mapping as documented here:

    If you would like to discuss this further, please let me know at and we can set up a short call to go through the use case that you feel is not addressed by the current capability.

    Regards, Jane.