Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SSO MFA docs #50533

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add SSO MFA docs #50533

wants to merge 1 commit into from

Conversation

Joerger
Copy link
Contributor

@Joerger Joerger commented Dec 21, 2024

Add documentation for the new SSO MFA feature. See the RFD for more details.

Copy link

🤖 Vercel preview here: https://docs-mzyc3e21c-goteleport.vercel.app/docs

Comment on lines +416 to +418
Teleport MFA checks can be delegated to your SSO provider. This allows Teleport
users to use MFA devices and custom flows configured in the SSO provider to carry out
privileged actions in Teleport, such as:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Teleport MFA checks can be delegated to your SSO provider. This allows Teleport
users to use MFA devices and custom flows configured in the SSO provider to carry out
privileged actions in Teleport, such as:
Teleport administrators can configure Teleport to delegate MFA checks to an
SSO provider as an alternative to registering MFA devices directly with the Teleport Cluster.
This allows Teleport users to use MFA devices and custom flows configured in the SSO provider to carry out privileged actions in Teleport, such as:


Administrators may want to consider enabling this feature for the following benefits:

- All authentication (login and MFA) goes through the IdP, consolidating monitoring
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- All authentication (login and MFA) goes through the IdP, consolidating monitoring
- All authentication (login and MFA) goes through the IdP, reducing administrative overhead

```

You may use `entity_descriptor_url` in lieu of `entity_descriptor` to fetch
the entity descriptor from your IDP.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
the entity descriptor from your IDP.
the entity descriptor from your IdP.

Choose one (IdP or IDP) and be consistent.

# top of active user sessions.
max_age: 0

version: v3
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I'd move this to the top after kind.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport/branch/v17 documentation no-changelog Indicates that a PR does not require a changelog entry size/md
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants