Hi guys,
I just done my first SSO integration on miro and noticed after SSO enable. The option of “Login with Google” still available in user profile. What would happen if I enable it? Will I be able to login with google as well as SSO? If so, it sounds like a security hole.
Hi
At the moment, the option to connect with the different authentication methods is still present for users if SSO is enabled and there isn't a way to disable it. However, if a user connects via one of the authentication methods and tries to log in with it and SSO is enabled then they will be automatically redirected to the SSO login page. This prevents any user from logging in with a different authentication method outside of SSO if SSO is enabled for the enterprise account.
Our development teams are investigating and looking to implement a way to disable the ability to connect to authentication methods if SSO is enabled but at this time we do not have any timelines to share of when this will be available.
Hi
Many thanks for your reply. After post the message, we performed a few testing and learnt that if “Login in with X” email address is different to company email which is the most common case. Miro CANNOT prevent user from logging. Your tech team also can reproduce this issue and confirmed this flaw (Ticket 293328)
Basically if company, like ourselves, wants to use SSO to enforce authentication policy, this would be a pretty serious security flaw. Im still waiting for further information from your tech team.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
