Enhance Authentication Management in UI

Products PingCastle Ideas
,
1

What is a one sentence summary of your feature request?

Move the Authentication Configuration from the appconfig.xml file into the WebInterface UI to enhance usability and streamline security settings management.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

Currently, the Authentication Configuration for PingCastle is stored in the appconfig.xml file, which can be cumbersome and prone to error, particularly for users who may not be familiar with XML file manipulation.
This method lacks user-friendliness and accessibility, as it requires users to have direct access to the file system and a certain level of technical expertise to make changes. By integrating the Authentication Configuration into the WebInterface UI, users would be able to manage settings through a more intuitive and visually guided interface.
This improvement would allow for real-time validation of inputs, reduce the risk of misconfigurations, and provide users with clearer guidance on authentication settings.
Furthermore, having this functionality directly within the UI aligns with modern application standards, where configurations are typically adjustable without delving into code or configuration files.

How do you currently solve the challenges you have by not having this feature?

Currently, I manually edit the appconfig.xml file to configure authentication settings, which leads to errors due to syntax issues or incorrect parameter values.

This process is time-consuming and can result in downtime or security vulnerabilities if not handled properly. Additionally, it lacks a user-friendly approach for team members who may need to make modifications but do not possess technical skills.
The need to frequently access the file system can also hinder productivity and complicate collaborative efforts among team members who may not have appropriate permissions or access rights.
As a result, moving this configuration to the WebInterface UI would greatly enhance operational efficiency and reduce the potential for error.

2

Excellent idea there Philipp! The appsettings.json files are a source of confusion to many and is one of the most common support issues that the support team get. Enhancing the Configuration → Settings menu is definitely something we will plan to do.

I have updated this to a planned feature. Once we have planned out the feature on this side we will post back here with some ideas and mock ups and see what you think!

Short Term

We have some related updates coming in the short-term:

Documentation update to the Authentication Providers

This will be an in depth guide on all authentication provider options, troubleshooting etc.
I will reply here when we get that update live on the Netwrix HelpCenter. I have completed Windows Authentication and SAML so far so mainly just Entra and OpenIDConnect left.

Enhancing SAML and OpenIDConnect/Entra

The next hotfix, likely 3.3.0.11, we will address a few fundamental issues that have been discovered by us as well as other customers:

  • Make the setup for each account time more clear by having specific account types:
    • Internal - PingCastle internal users
    • External - Used for SAML/OIDC etc
    • Windows - Used specifically for Windows Authentication
  • Allow Claims to work properly in SAML and OpenIDConnect

We also have the following being worked on for the Netwrix PingCastle 3.4 release but these may end up in the hotfix too:

  • Support App Roles directly from Entra ID Application for claims in PingCastle
  • Allow IDP Initiated MFA to work with SAML

Make sure you subscribe to the PingCastle > Announcements category as release updates will be posted there!

1 Like