Feature name
Prevent Administrators from bypassing SSO
Feature function
-
What will this feature do differently?
Currently, Administrators and Owners are allowed to bypass SSO and log in directly to their vault. That allows recovery of the system in case SSO is down/broken. However, security best practice says that regularly used accounts shouldn’t have this ability. And, there is no category of user that allows user management but does not have the ability to bypass SSO. So, there should at least be the option to disable SSO bypass for Administrators (and limit it only to Owners).
What benefits will this feature bring?
Enhanced security.
Remember to add a tag for each client application that will be affected
I believe the existing configuration allows administrators to bypass SSO on all clients.
Related topics + references
- Are there any related topics that may help explain the need and function of this feature?
- Are there any references to this feature or function on other platforms that may be helpful?
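As an added illustration (not code from the post's author or from the vault product the request concerns), the decision logic below models the current behaviour next to the requested option: a hypothetical organisation setting `admins_may_bypass` that, when switched off, leaves direct (non-SSO) login only to Owners as the recovery path. It also includes a small review helper that, run over constructed login records, lists every privileged account that skipped the identity provider, which is what an administrator would want to monitor whichever way the setting is configured. All role, policy and field names are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    USER = "user"
    ADMIN = "admin"
    OWNER = "owner"


@dataclass(frozen=True)
class SsoPolicy:
    """Hypothetical organisation-level SSO settings (field names are assumptions)."""
    require_sso: bool = True
    # Behaviour the post describes today: Administrators and Owners may bypass SSO.
    # The request is for an option to set this to False while Owners keep bypass.
    admins_may_bypass: bool = True


def direct_login_allowed(role: Role, policy: SsoPolicy) -> bool:
    """Decide whether a password login that skips the identity provider is permitted."""
    if not policy.require_sso:
        return True                      # SSO not enforced at all
    if role is Role.OWNER:
        return True                      # break-glass recovery path stays with Owners
    if role is Role.ADMIN:
        return policy.admins_may_bypass  # the requested switch
    return False                         # regular users must always go through SSO


@dataclass(frozen=True)
class LoginEvent:
    user: str
    role: Role
    via_sso: bool


def flag_bypass_logins(events, policy: SsoPolicy):
    """Return (user, verdict) for every direct login by a privileged account.

    'denied'  = the policy would block this login.
    'allowed' = a permitted bypass that still deserves review because it skipped the IdP.
    """
    findings = []
    for ev in events:
        if ev.via_sso:
            continue
        if ev.role in (Role.ADMIN, Role.OWNER):
            verdict = "allowed" if direct_login_allowed(ev.role, policy) else "denied"
            findings.append((ev.user, verdict))
    return findings


# Constructed sample login records for the example (not real data).
SAMPLE_EVENTS = [
    LoginEvent("alice", Role.OWNER, via_sso=False),
    LoginEvent("bob", Role.ADMIN, via_sso=False),
    LoginEvent("carol", Role.ADMIN, via_sso=True),
    LoginEvent("dave", Role.USER, via_sso=False),
]

CURRENT_POLICY = SsoPolicy()                          # Administrators may bypass
PROPOSED_POLICY = SsoPolicy(admins_may_bypass=False)  # the requested option

if __name__ == "__main__":
    for name, policy in (("current", CURRENT_POLICY), ("proposed", PROPOSED_POLICY)):
        print(name, flag_bypass_logins(SAMPLE_EVENTS, policy))
```

Under the current policy both alice (Owner) and bob (Administrator) are reported as allowed bypasses; under the proposed policy bob's direct login is reported as denied while alice's recovery path is untouched, which is exactly the split the request asks for.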