# Self-Hosted Auth Manager

Centralize authentication and authorization for self-hosted services using consistent SSO and OAuth policies.

## Problem
Self-hosted stacks often accumulate fragmented login systems, creating security gaps and admin overhead.

## Core capabilities
- Unified identity provider for internal tools.
- Role and group mapping across services like Gitea, dashboards, and admin panels.
- MFA enforcement and session policy controls.
- Audit logs for access events and permission changes.

## MVP scope
- Deploy with one identity backend and two relying-party integrations.
- Define baseline role model and default access policies.
- Add admin UI for user lifecycle management.

## Success criteria
- Fewer account management tasks across services.
- Improved access consistency and security posture.

## Stretch ideas
- Just-in-time privileged access workflows.
- Risk-based auth prompts based on context and device posture.