Teams and SAML improvements

Written by Anders Bälter

A set of highly requested team and user management features has arrived. Multiple teams, transfer subscriptions, SAML enforced roles and turning off password-based logins.

Multiple teams

No more user+team1@mail.com, user+team2@mail.com. You can now have as many teams as you wish with the same user. Authorization, subscriptions and billing are completely separated. Switch team or create a new one from the user menu.

If you are admin of multiple teams, you will have the option to transfer ownership of subscriptions between your teams via the edit instance view. The current team will be billed for this months usage up to the transfer and the new team from that point and onwards. Of course, there is no interruption of service when transferring ownership.

SAML improvements

We have also implemented some new SAML Single sign-on (SSO) features, namely the possibilities to enforce user roles and turning off password-based logins. From now on password-based logins will still be enabled when you first activate SAML SSO so you can test it out without the risk of locking yourself out of your account. Once you have verified that your SSO is working as expected, you can turn off password-based logins from the team/saml view.

The other new SAML feature is the possibility to enforce user roles via your Identity Provider (IdP). To do this, your IdP should send the attribute 84codes.roles with values like your-team-saml-uuid/[ admin | member | billing manager | compliance manager | your tag role ] . You can find the uuid on the team/saml view. The SAML response should include something like this:

<saml2:AttributeStatement>
  <saml2:Attribute Name="84codes.roles">
    <saml2:AttributeValue>your-team-saml-uuid/member</saml2:AttributeValue>
    <saml2:AttributeValue>your-team-saml-uuid/Staging</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>

Turn to your IdPs documentation for assistance on how to set this up. Here are links to a few of the most popular:

If roles are not enforced via SAML new users will be members and roles can be changed via the team view.

We hope this will ease the user and team management for you and make CloudKarafka an even smoother experience.

Please send us an email at contact@cloudkarafka.com if you have any questions or feedback to this blog post.

CloudKarafka - Industry Leading Apache Kafka as a Service