Mandatory SSO authentication
You can enable mandatory SSO authentication for all workspace members for an additional layer of security. With this option enabled, users can access the workspace only if they sign in to the associated identity provider.
To activate this feature, tick the box in the Single Sign-On tab in the workspace settings:
Image loading...Enabling mandatory SSO
API and Git in SSO sessions
In workspaces with mandatory SSO, user's access to Git and API is limited to 24 hours since the moment of last login. In other words, the user has to sign in to Buddy via the browser every 24 hours in order to make pushes to the repository or call an API method. A user removed from the SSO will permanently lose access to the workspace after the selected period of time.
The length of access can be modified by administrators in the workspace settings:
Image loading...Setting session duration
Mandatory SSO sessions apply to:
- Personal access tokens
- Buddy OAuth application
- Repository access over HTTP (user/pass or token)
- Repository access over SSH (SSH key)
Script automation in SSO sessions
In some cases, manual browser login on time intervals can be problematic. For example:
- when we use the Buddy API to automate tasks or fetch data, e.g. for a custom dashboard with pipeline statistics
- when the Git repository is cloned during the deployment to the server
To solve this, users in the workspace can be 'marked as robots'. For such users, the session will never expire, allowing you to run Git and API requests undisturbed. To mark a user as robot, go to their profile, and select the option from the dropdown menu:
Image loading...Marking user as robot
Sep 23, 2024