Expensify.org is accepting proposals for new campaigns. Submit yours here by April 30th to receive up to $100,000 in funding for campaigns dismantling injustice related to: Climate, Homes, Hunger, Reentry, or Youth.
Enforce SSO to use SAML only, prevent use of secondary accounts for domains
One reason we leverage SSO is pass off authentication and MFA to our IDP, Google. By doing so, users logging into Expensify will be subject to the Google password and account policies.
If we don't have an ability to restrict the ability for user accounts within our company's domain to create a secondary account, this creates a large security gap. Would love to see the ability to restrict the based on domains/groups.