IDP Manager User Role
IDP Manager User Application Role
Problem
We have a team in our organization tasked with onboarding customers with Single Sign-On. We have been building tools for them with the FusionAuth API. It would be simpler for us to use the GUI interfaces available in the FusionAuth console, but to minimize the security exposure, we don't want to give these users the admin role to enable access to the Identity Providers screens.
Solution
We'd like to give these users an idp_manager role that will allow them to view and manage identity providers without giving them access to all the functions in the admin role.
Alternatives/workarounds
We've been building our own tools using the /api/identity-provider endpoint in the API, and have given our application permission to that endpoint on its API Key. At some point we feel like we're unnecessarily rebuilding the tools that already exist in the FusionAuth console.
Additional context
We looked at the documented set of User Application Roles here: https://fusionauth.io/docs/get-started/core-concepts/roles#fusionauth-application-roles, and didn't see anything specific to IDP management (and only that).
Related Issues
- https://github.com/FusionAuth/fusionauth-issues/issues/91
- https://github.com/FusionAuth/fusionauth-issues/issues/1524
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
Thanks for your suggestion, @pendenga! We've heard from other users about this desire. I added a couple of related issues. Unfortunately we have a backlog of work right now, but when we revisit the admin UI, we can review this request.