Core Web App

There are only 6 roles available. However, I would like to be able to break it out more granularly. For example be able to create a role that can create/update/flag documentation, but not share. Allowing custom role creations would likely satisfy a few feature quests here by getting the permissions broken down more granularly and allowing us to choose which permission get applied to the custom role.

We create portal members as guest users in our Microsoft 365 tenant so they are subject to our MFA and security policies. For security purposes, we would like the ability to enforce Single Sign-On (SSO) for portal members accessing our Hudu instance, instead of them being automatically exempt. This ensures all users, including guests, authenticate consistently and securely through our identity provider.

Often with setting up 2FA by TOTP you also get a list of backup codes, it would be nice to have the ability to add them to the password layout. Possibility the ability to past the list and they become an array where if you use one it can be removed from the array. Right now I see a lot of people adding them to the notes field which is far less secure (I know even more secure would be to not store them in the same place as the TOTP/Password but it's a start!)

95% of the time, archiving the user and removing the license is perfectly fine and preferred. There are cases were we might need to delete a user account for testing, and currently we are not able to do that.

We can deny access to individual custom asset types for a security group but not Core Assets. Also, we can’t restrict access to specific KB Folders in the same way we can with Password folders. These would be 2 very useful security features, especially for co-managed users. (Until the co-managed user feature is improved)

Add the ability to paste in a SSL certificate information and track the expiration. Not all sites are public facing but still use a public ssl certificate.

Monitor and alert on the activity of users that meet the set thresholds of certain activities. For example, if there is a threshold for the number of passwords accessed in an hour or a day to make sure that nobody is harvesting passwords, whether an insider threat or if a bad actor has gained access to an account.

The new "groups" endpoint on the API is useful for identifying who has access to what, but it is missing alot of details: Which companies does the group have access or deny to Login Schedule of the group Other Restrictions applied to the group

We need to be able to use user groups to control access to core assets in the same way that you can with custom assets. There are many reasons this should be in place, but the most obvious is not all users with access to hudu should be able to see all the core assets for a given company they have access to.

It would be great to be able to create multiple SSO configurations for an account. We have multiple organizations utilizing different solutions for SSO and MFA. As a result, we can only setup one SSO configuration for all of the companies in the system. It would be a great way to secure a company by allowing a SAML configuration per company or multiple for the top level. This allows for MSP's or Internal IT to be able to securely manage accounts and map to the appropriate customers. It would also be great to be able to map group sin the system to SSO as well as SCIM provision users as we give access.