You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
When self hosting flagsmith the owner of the instance might want to only manage a single org for all of their users, currently every user must be manually invited to the same org or share the same invite link. Flagsmith currently allows for oAuth via google and github in an ideal world there would be functionality such that the Flagsmith instance would effectively be a "single tenant org" where all users that successfully authenticate would be invited to this "default" org without having to share a link or mistakenly create their own org.
Describe the solution you'd like.
Functionally this might be done via env-var(s) on the API instance that would change api to:
Disable users from creating orgs (Already done via flagsmith on flagsmith)
Auto invite all users to some default org
Disable email/password signup (already done via ALLOW_REGISTRATION_WITHOUT_INVITE)
Force users to sign up via oAuth/SAML/SSO
The only requirement for this feature would be the auto invite but it might be useful to bundle/couple these changes from a security perspective so random people don't get auto invited to the org.
Describe alternatives you've considered
Users can log in but must then be invited to the org, this might lead to a user creating an org and using it without the ability for other users of that same instance to edit the Flags.
Additional context
Spoke to @dabeeeenster on the flagsmith discord around this feature. Happy to discuss this feature request any further.
The text was updated successfully, but these errors were encountered:
The call out for the disable email/password signup was more of a "tightly coupling this functionality or at least calling them out in the docs would help users maintain good security hygiene and prevent gun aimed at foot situations" vs a strict requirement. The auto invite is really the only missing element.
Is your feature request related to a problem? Please describe.
When self hosting flagsmith the owner of the instance might want to only manage a single org for all of their users, currently every user must be manually invited to the same org or share the same invite link. Flagsmith currently allows for oAuth via google and github in an ideal world there would be functionality such that the Flagsmith instance would effectively be a "single tenant org" where all users that successfully authenticate would be invited to this "default" org without having to share a link or mistakenly create their own org.
Describe the solution you'd like.
Functionally this might be done via env-var(s) on the API instance that would change api to:
Disable users from creating orgs (Already done via flagsmith on flagsmith)
Auto invite all users to some default org
Disable email/password signup (already done via ALLOW_REGISTRATION_WITHOUT_INVITE)
Force users to sign up via oAuth/SAML/SSO
The only requirement for this feature would be the auto invite but it might be useful to bundle/couple these changes from a security perspective so random people don't get auto invited to the org.
Describe alternatives you've considered
Users can log in but must then be invited to the org, this might lead to a user creating an org and using it without the ability for other users of that same instance to edit the Flags.
Additional context
Spoke to @dabeeeenster on the flagsmith discord around this feature. Happy to discuss this feature request any further.
The text was updated successfully, but these errors were encountered: