undefined | Better HN

story

0 pointsjpgoldberg10y ago0 comments

Ah, that is better. No promises (and nothing in the immediate future), but this does certainly remain in the realm of possibilities.

I don't want to speak for the down-voters (I'm not one of them and I think your comment is was a valuable contribution), but when I first saw AD integration requests I assumed that people wanted AD managed Kerberos authentication to 1Password for Teams; and so imagined delegating 1Password for Teams authentication and authorization to a third entity.

Don't get me wrong. I love Kerberos. And in very early planning stages we looked at it quite a bit. But Kerberos is only about authentication. We need client derived encryption keys as well as authentication tokens to achieve our security goals of end-to-end encryption.

0 comments

newman31410y ago

No, not delegated auth although 2 factor might be nice.

Delegated user admin/sync would be what I'm looking for. Centralized user management along with RBAC makes it much easier to set policy.

keeper10y ago

Check out Keeper Enterprise. We have delegated auth, 2 factor, AD/LDAP sync and centralized user management with a policy engine. And much more :)

newman31410y ago

I see in your comments that you are a new user.

I have no issue checking Keeper out but two things to note:

1) It's considered good form to clearly disclose your affiliation

2) Repeatedly spamming/commenting a different product's thread isn't.

Comment once or twice. Feel free to submit your site to HN with something interesting (blog post?) and people will up vote accordingly if there is validity.

j / k navigate · click thread line to collapse

0 comments

newman31410y ago

No, not delegated auth although 2 factor might be nice.

Delegated user admin/sync would be what I'm looking for. Centralized user management along with RBAC makes it much easier to set policy.

keeper10y ago

Check out Keeper Enterprise. We have delegated auth, 2 factor, AD/LDAP sync and centralized user management with a policy engine. And much more :)

newman31410y ago

I see in your comments that you are a new user.

I have no issue checking Keeper out but two things to note:

1) It's considered good form to clearly disclose your affiliation

2) Repeatedly spamming/commenting a different product's thread isn't.

Comment once or twice. Feel free to submit your site to HN with something interesting (blog post?) and people will up vote accordingly if there is validity.

j / k navigate · click thread line to collapse