There are 2 main issues with the SAML configuration creation and consumption flow:
- When creating a SAML configuration, the user needs to add a 'name'
- Authenticating users have to input this name when using SAML to authenticate with that organisation
I'd like to improve this by removing the manual input step, and giving organisations dedicated URLs to log in so they don't need to enter the name.
The suggested approach is to have the API generate the name for them, which should be a slug of their organisation name. If this already exists, the API should add additional random characters to the end of the name. The user should be able to modify the name if they choose to, but the input should not be editable by default. If the user submits a name that is already taken, the system should automatically add random characters to the end of the name, and present it back to them for confirmation.
When the SAML configuration is created, they should be given a custom Login URL that looks something like: https://app.flagsmith.com/login/?sso_idp=<configuration-name>. On browsing to that URL in an unauthenticated browser, the user should not be prompted with the regular login screen (as is the current behaviour if they set the sso_idp flag), but they should see a screen that just has a single button with the text 'Login to Flagsmith with SSO' or similar.
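
The naming scheme and login URL proposed above, sketched as an added example (not part of the original issue and not Flagsmith's code). The function names, suffix length, length limit and the in-memory `taken` set standing in for the database's uniqueness check are assumptions.

```python
import re
import secrets
import unicodedata
from urllib.parse import urlencode

# Assumed values for this sketch; not taken from the Flagsmith code base.
LOGIN_BASE = "https://app.flagsmith.com/login/"
SUFFIX_ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
SUFFIX_LEN = 6
MAX_LEN = 63
# Only lower-case letters, digits and single interior hyphens may reach the URL.
NAME_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")


def slugify(text: str) -> str:
    """Lower-case ASCII slug: letters and digits separated by single hyphens."""
    ascii_text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]+", "-", ascii_text.lower()).strip("-")


def unique_name(requested: str, taken: set[str]) -> str:
    """Slug of `requested`; a random suffix is appended while it is taken.

    `taken` stands in for a lookup of existing configuration names. A real
    implementation still needs a unique constraint on the column, because two
    concurrent requests can both pass this check.
    """
    base = slugify(requested)[: MAX_LEN - SUFFIX_LEN - 1].strip("-") or "org"
    candidate = base
    while candidate in taken:
        # secrets, not random: the suffix should not be predictable.
        suffix = "".join(secrets.choice(SUFFIX_ALPHABET) for _ in range(SUFFIX_LEN))
        candidate = f"{base}-{suffix}"
    return candidate


def login_url(name: str) -> str:
    """Build the dedicated login URL, refusing names outside the slug charset."""
    if len(name) > MAX_LEN or not NAME_RE.fullmatch(name):
        raise ValueError("invalid configuration name")
    return f"{LOGIN_BASE}?{urlencode({'sso_idp': name})}"
```

The same `NAME_RE` check applies to a name the user edits by hand and to the `sso_idp` value read back from the query string, so the login page only ever looks up well-formed names.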