Add ability to read SAML Groups

Business solution to host your own OpenVPN server with web management interface and bundled clients.
frogonabike
OpenVpn Newbie
Posts: 1
Joined: Fri Jul 08, 2022 11:21 am

Add ability to read SAML Groups

Post by frogonabike » Thu Jul 21, 2022 2:28 pm

We currently have our Access Server set up to place each of our various teams into separate groups based on groups that were previously provided via LDAP with the "post-auth" script.
This functionality appears to be missing when using SAML auth.
Appreciate this method only got introduced with 2.11 but thought it would be worth mentioning ASAP as this is one feature currently holding us back from rolling out to the broader company.

From our initial testing with the IT Team members, it's possible to get the SAML auth to reference their existing user profiles by changing the NameID sent, but if we did get any new people to join, we'd need to manually create their profiles and amend some other settings first before they connect, which is something we'd prefer to avoid.

Overall, though, the SAML method has been a big hit! So much nicer NOT to need to enter a password and TOTP code each time, and we've also found the VPN reconnects each morning effortlessly once we authenticate to our SSO service :)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Add ability to read SAML Groups

Post by TinCanTech » Thu Jul 21, 2022 4:52 pm

Wishlist is currently for community version.

* Moved *

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Add ability to read SAML Groups

Post by openvpn_inc » Fri Jul 22, 2022 2:49 pm

Hi,

This is part of the roadmap and will be available and supported in future releases.

Regards,
.\kionci
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
