You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Implement new new_clients and enable_test_tenant configuration parameters and change the behavior of enable_mvp. Add the following comments to tms.toml to explain what's new:
# Setting this flag causes the server to run in Minimal Viable Product (MVP)
# mode, which affects the level of automation during key creation
# (when the pubkeys_create endpoint executes). MVP processing has these
# characteristics:
#
# 1. Keys are created unlimited lifetimes and number of uses.
# 2. When a client creates a key, the following associations are
# automatically created:
# a. The user is automatically assigned a non-expiring MFA.
# b. The user automatically delegates use of the private key
# to the client.
# c. The user name is automatically mapped to a host account
# with the same name.
# 3. No new clients can be created. This has the same effect as
# setting new_clients = "disallow".
#
# MVP is only appropriate when (1) the Identity Provider (IDP) used by
# the client to authenticate its users is the same IDP that the target
# host uses for user login, (2) the client's user name is the same
# as the host account name, and (3) when no new clients should be
# created.
#
# default = false
enable_mvp = false
# This switch can be used to allow new clients with no restrictions,
# lock down the current set of clients by disallowing new client creation,
# or only allow new client creation when the caller has a short-lived,
# one-time password created by the tenant administrator. Valid string
# values for this parameter are:
#
# allow, disallow, on_approval
#
# When enable_mvp is true, then the value of this parameter is always
# overridden and effectively set to "disallow".
#
# default = "allow"
new_clients = "allow"
# Enable or disable the use of any artifacts in the test tenant. By
# setting this parameter to true clients, delegations, user/host
# mappings and user MFA information in the test tenant are available
# via API. When set to false, no actions can take place in the test
# tenant.
#
# We recommend setting this parameter to false in production
# environments to avoid misuse of access granted for testing
# purposes.
#
# default = false
enable_test_tenant = false
The text was updated successfully, but these errors were encountered:
Implement new new_clients and enable_test_tenant configuration parameters and change the behavior of enable_mvp. Add the following comments to tms.toml to explain what's new:
The text was updated successfully, but these errors were encountered: