Product Ideas Portal

Got an idea for a new feature? Maybe a tweak to make something work even better? Wish there was an integration with another product to make you even more productive? You've come to the right place.

The Product Ideas Portal lets you submit whatever product feedback you have, good, bad, ugly, and anywhere between.

Want to stay anonymous? No problem, you can still share your ideas with us. You can also create an account which lets you vote on other people's ideas and receive updates when your idea's status changes.

To learn more about how an idea becomes a feature, check out this infographic.


18 Vote

Password Safe - SAML Authentication to be enabled for Direct connect users

SAML SSO is the authentication method supported for Password safe users. 
when we goto SAML (to provide SSO including MFA) for Password Safe users , it is recommended to turn off Forms authentication for these users. The users who use direct connect sessions, for RDP / SSH should not be impacted because of this. 

For these Password Safe users when the authentication is changed to SAML and "Disable Forms Authentication" selected.  They would not be able to login  directly to PAM,  so this should not loose their ability to launch direct connect sessions. As direct connect is a preferred method, can this be supported along with SAML ? 

This option is highly useful as we think direct connect is great feature for users, and would like to continue supporting it when we are going to SAML. 

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jan 7 2020
  • Will not implement
  • Attach files
  • Admin
    Brian Chappell commented
    4 Sep 03:47pm

    Neither SSH nor RDP have any way to support SAML, it's a web SSO technology. There is no way for an SSH or RDP client to access any existing SAML authentication token (as it will be in your browser) and RDP/SSH does not provide any mechanism to pass the token onto the target. Using a tool like Guacamole to provide an HTTP5-based SSH/RDP mechanism within the existing UI would benefit from the existing SAML support but doesn't answer the specific idea here.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    4 Sep 12:56pm

    I assume that this would be impossible with a normal thick client RDP/SSH session as those clients don't have the means to handle the SAML request/response flow and necessary session cookies requires by SAML.

    Are there any clients (RDP or SSH) that support SAML authentication and act as connection brokers/aggregators?

    An HTML5 based RDP/SSH client might make this possible. Through something like Apache Guacamole, you could enable users to bookmark the "direct connect" sessions. The browser would handle the SAML auth. It would also eliminate the need for anything other than a browser on the client...

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    18 Aug 06:42pm

    Requested for integrations with TAP vendors by the Alliances team

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    23 Jun 05:44pm

    Agree - this would be a valuable capability and would simplify the setup as we would not need to set up RADIUS+MFA in BI but could rely on the settings in our SAML IdP (Okta, ADFS, OneLogin, etc.)

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    21 May 07:52pm

    DirectConnect is a great feature which breaks when SAML is implemented. Please enhance the SAML implementation to include SP initiated SAML and then the authentication request could be redirected to the IDP for authentication.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    7 Jan 08:48pm

    Agree that this would be a valuable option in a future release as our staff use the Direct Connect option regularly. Would appreciate a quick turnaround on this one if possible.