Feature request - Ability to create local accounts derived from Entra ID but with seperate local only credentials #259
Assignees
Milestone
Comments
|
So instead of this prompt, it would be good just allow the setup of a local account that has been derived from Entra ID with a password that is in line with the local / MDM password policy. |
|
@twocanoes please confirm PSSO status for milestone v5.0 vs future. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In order to leverage PSSO witth Secure Enclave to get non-phishable Entra ID credentials, it is considered best practice to have a local account that does not have a password that matches the Entra ID credentials and also doesn't synch or ensure they are the same. However, it is imperative that any local accounts that were created are accounts that match an Entra ID account - an MFA challenge to prove it (with the Authenticator app) would be ideal - if a token is recieved then an account can be created with a seperate, local password.
Thinking out loud but I was wondering whether it would be possible to have XCreds create this Entra ID derived local account in this scenario? Maybe a PSSO/SE mode that could also take care of local account password policy too?
I hope this makes some sense.
The text was updated successfully, but these errors were encountered: