Hi there,
I am looking for a developer who is able to solve our issue:
We need to re-verify the user email every 30-60 days. If the user is not responding to the verification email his account has to be deactivated automatically.
We have to be sure, each user is still active in his company / organization. Sending a verification email to his work email account seems to be the smartes way.
Any other hints are welcome.
Frank
Hi Frank I don’t think you can solve this challenge technically. There are factors you might have missed - in Nextcloud users are allowed to adjust their email address - which would make periodic verification process to not achieve what you are expecting.
SSO system like LDAP, ADFS, OpenID or SAML are common today so maybe it would be easier to rely on your partner company IdP - usually companies have processes in place to disable/delete leaving users - this would automatically cover you need giving you additional benefits like single sign on without a need to manage another credential for your cloud system. Depending on the number and kind of partner organizations you might prefer some intermediate IdP like Keycloak on your side where you proxy logins from external IdPs.
Hi,
THX for your thoughts.
I am aware of the risk, the user may change the mail to, eg a private one, but that risk is managable.
SSO is not a solution, as we have 2-5 users of about 50 indebended organizations.
I have no idea about periodic verification but I think local sso IdP for user management together with mail mfa would cover your needs. This also address the issue of email update - if the data comes from an IdP user can’t update the email in NC anmore
hier an example for keycloak
Hi,
Sounds interesting, but is seems way too complex for me ;–)