We are trying to enable SAML, and 1 friction area is Mender doesn’t support creating the account on first use. This means we need to manually create accounts for new users, in addition to adding them to the correct groups in our backend. This makes the process more error-prone, since we have to manually enter account information into Mender, when we already create it once in our Identity provider.
Many services have a feature to create an account the first time you log in. So the flow would go:
- Add user to correct group in IdP
- User goes to Mender start URL
- Log in through IdP login
- Mender gets the account info and creates the account, maybe with some default role?
Is there an improvement for this in the works, or do we think this is feasible?