Ok, I just got around to testing Four Eyes Authentication when SAML Authentication is being enforced.
I created a Role “Four Eyes Authentication” and added LDAP Groups to it.
I then opened the Operator account for one of my “Test” environment Master Operators and assigned the “Four Eyes Authentication” role as the required Authenticators for the user. I then logged in as the user I configured for Four Eyes, using SAML to authenticate, and when I attempted to deploy an action, it gave me the following …
It doesn’t work the way I hoped it would. It displays a basic Authentication dialog box and no matter what you enter, it results in an “Approver credentials need to be for a local user.” message.
Guess I’m going the route of adding the Operations folks to all the Roles and removing their Master Operator rights. Not that I’m terribly sad about reducing their rights, I just wish SAML authentication worked with Four Eyes. Maybe I’ll add a Feature Request for this since I still don’t want Operations running rampant inside BigFix. (Paranoia is a terrible thing, unless someone really is out to get you!)