stavrianos | 3 years ago

I've seen this conversation before, but I've never been clear on what exactly the consequences of the SSO are. I imagined it might be that the provider gets an IP address when you connect or something. You're saying they potentially get _access as you_? Am I understanding that correctly?

api | 3 years ago

Anything authenticated with SSO can be accessed by the SSO provider since they're able to approve any authorization, which means they can just log into all your stuff.

So e.g. if you use "log in with Google" on a web site, Google now has access to your account too (if they behaved badly or were compromised).

Spreading SSO auth everywhere gives the SSO provider login access to absolutely everything you have.

risho | 3 years ago

wait so if i authenticate tailscale using google and enable tailscale ssh, google can just log into any of my tailscale ssh servers?