From 4c36f26b31d83fd5cc89eb7d1b10af96940a2560 Mon Sep 17 00:00:00 2001 From: ddeyo Date: Sun, 2 Sep 2018 16:21:01 -0700 Subject: [PATCH] add limitations --- ee/ucp/admin/configure/enable-saml-authentication.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ee/ucp/admin/configure/enable-saml-authentication.md b/ee/ucp/admin/configure/enable-saml-authentication.md index ca8fbd9e5a..6e3b5b0f85 100644 --- a/ee/ucp/admin/configure/enable-saml-authentication.md +++ b/ee/ucp/admin/configure/enable-saml-authentication.md @@ -15,3 +15,11 @@ A list of the identity providers that we support is found in the [Docker Compati ## Prerequisites Before you can enable SAML authentication, you must first be set up with your identity provider of choice. This process varies from provider to provider, so consult your provider's documentation for details. There are specific bits of information you need from the identity provider to enable UCP to authenticate with that identity. + +## Limitations + +You can download a client bundle to access UCP. To ensure that access from the client bundle is synced with the identity provider, we recommend the following steps. Otherwise, a previously-authorized user could get access to UCP through an existing client bundle. + +- Remove the user account from UCP granting client bundle access if access is removed from the identity provider. +- If group membership has changed in the identity provider, replicate this change in UCP. +- Continue to use LDAP to sync group membership.
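Review bot: The new "Limitations" section never states the limitation itself. Its opening paragraph goes straight to "we recommend the following steps" and only implies, in its last sentence, that client bundle access is not kept in sync with the identity provider. State that directly before the list, for example "Access through an existing client bundle is not updated when a user's access changes in the identity provider." The first bullet, "Remove the user account from UCP granting client bundle access if access is removed from the identity provider", is hard to parse because it reads as if UCP is granting the access. Putting the condition first, as the second bullet does, fixes it: "If access is removed in the identity provider, remove the user account from UCP." The third bullet, "Continue to use LDAP to sync group membership", does not say whether it is an alternative to the manual replication in the second bullet or an additional step. Nothing in the visible context mentions LDAP, so add a sentence on how it relates to the SAML setup.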