Check out ZITADEL! (full disclosure, I'm part of the team)
It's an open-source IAM solution. It offers a cloud-based SaaS option and can also be downloaded for self-hosting. You can try the hosted cloud version for free - https://zitadel.com/signin
It provides:
- authentication and authorization capabilities (including IdP Federation)
- auditing
- custom extensions
- support for standards such as OIDC/OAuth/SAML/LDAP
- full API support
- various authorization strategies, including Role-Based Access Control (RBAC) and Delegated Access, making it a great choice for both B2C and B2B scenarios.
It mostly aims to ensure ease of operation and scalability (users love the simplicity). The community and team actively contribute towards development and support.
You can download it and host it yourself - https://zitadel.com/docs/self-hosting/deploy/overview
GitHub: https://github.com/zitadel/zitadel
Case studies and testimonials - https://zitadel.com/blog/tags/successstory
Thanks for the pointer to that.
If anyone else is interested: https://github.com/cloudflare/har-sanitizer/blob/main/src/li... is the scrubbing logic for Cloudflare.
Unfortunately, this scrubber would be problematic for Okta staff (or staff for any other authentication provider support team) because when someone is having issues with logging in, you need to examine Authorization and other authentication headers and data.
So I think the best course is to:
* caution users to not send production data, but rather to set up a test system and share the HAR file from that
* make sure you do defense in depth and lock down access to support tickets
* remove HAR files from closed support tickets. Here's a Zendesk article about that: https://support.zendesk.com/hc/en-us/community/posts/6185912...
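
An added example (not code from this thread or from Cloudflare's har-sanitizer): a pre-share pass over a HAR file that lists which fields carry credentials and masks their values while keeping the `Authorization` scheme visible for whoever debugs the login. The header and parameter name lists and the sample capture are assumptions; request bodies and URL fragments are not covered.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed name lists; extend them for the identity provider in use.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"}
SENSITIVE_PARAMS = {"access_token", "id_token", "refresh_token", "code", "client_secret", "password"}

# Constructed sample, not a real capture.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {
        "url": "https://idp.example.test/callback?code=abc123&state=xyz",
        "headers": [{"name": "Authorization", "value": "Bearer eyJhbGciOi.constructed.token"},
                    {"name": "Accept", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "s3ss10n"}],
        "queryString": [{"name": "code", "value": "abc123"}, {"name": "state", "value": "xyz"}],
    },
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}], "cookies": []},
}]}}


def _mask(name, value):
    # Keep the auth scheme ("Bearer", "Basic") so the failing flow stays readable.
    scheme = ""
    if name.lower().endswith("authorization") and " " in value:
        scheme = value.split(" ", 1)[0] + " "
    return f"{scheme}[REDACTED {len(value)} chars]"


def redact(har):
    """Return (redacted_copy, findings); findings are (entry_index, location, name)."""
    out = copy.deepcopy(har)
    findings = []
    fields = (("headers", SENSITIVE_HEADERS), ("cookies", None), ("queryString", SENSITIVE_PARAMS))
    for i, entry in enumerate(out["log"]["entries"]):
        for side in ("request", "response"):
            for field, names in fields:
                for item in entry.get(side, {}).get(field, []):
                    # Every cookie is treated as sensitive (names is None).
                    if names is None or item["name"].lower() in names:
                        findings.append((i, f"{side}.{field}", item["name"]))
                        item["value"] = _mask(item["name"], item["value"])
        req = entry.get("request", {})
        if "url" in req:
            # The raw URL repeats the query string, so mask it there as well.
            parts = urlsplit(req["url"])
            query = [(k, _mask(k, v) if k.lower() in SENSITIVE_PARAMS else v)
                     for k, v in parse_qsl(parts.query, keep_blank_values=True)]
            req["url"] = urlunsplit(parts._replace(query=urlencode(query)))
    return out, findings
```

The findings list doubles as an inventory of what an unredacted copy of the same capture would expose if it stayed attached to a ticket.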