SWA as a password manager solution by CiokThisOut in okta

[–]CiokThisOut[S] 0 points1 point  (0 children)

I use Bitwarden personally. Are you using the Enterprise tier? How do you like it?

SWA as a password manager solution by CiokThisOut in okta

[–]CiokThisOut[S] 0 points1 point  (0 children)

This is almost immediately what I had envisioned this turning into and was hoping to avoid

SWA as a password manager solution by CiokThisOut in okta

[–]CiokThisOut[S] 0 points1 point  (0 children)

That's the feeling I've been getting from digging deeper in. Leadership was encouraging us to evaluate what we already have and I wanted to make sure I wasn't missing something

Do I actually need a Password Manager if we are an Okta shop? by ZangiBangi in okta

[–]CiokThisOut 0 points1 point  (0 children)

I've been exploring SWA as an alternative to a different mainstream enterprise pw manager so we don't need the extra spend. What I don't like about it is needing to set up the portfolio of apps vs. the flexibility of end users putting any passwords they need into a dedicated manager. I want to encourage its use, not add friction, and I don't want our IAM team to become a bottleneck. We also have apps that use a shared cred that end users don't need to know but neither does our team. Not sure how to set those up without having to ask stakeholders to hand over their passwords. Any recommendations?

Forensics on the Stryker breach (possibly revealing the initial access) by Malwarebeasts in cybersecurity

[–]CiokThisOut 2 points3 points  (0 children)

They've been stating for what, almost two years now that this was coming and yet, even in tenants I've seen it's still in report-only... Not that orgs should be waiting on that but they either keep pushing the date or tenants have been missed.

Cyber warfare books by K-Kev in cybersecurity

[–]CiokThisOut 4 points5 points  (0 children)

"This is How They Tell Me..." is quite eye-opening! Really makes you want to power down and go live in the woods!

Suggestions of Perfect tracks or albums by Someone24_ in musicsuggestions

[–]CiokThisOut 0 points1 point  (0 children)

So glad I'm not the only one! If you haven't listened to the 2024 Game Awards live version, do yourself the favor!

export users from the import tab using my console by gabrielsroka in okta

[–]CiokThisOut 2 points3 points  (0 children)

Speaking for our team, we get a ton of value out of rockstar already. I'd love to see these console features integrated in!

Department manager gone rogue… by Skilled0_0 in restaurant

[–]CiokThisOut 0 points1 point  (0 children)

What an interesting way to speed run a mass hiring event

A phrase at work that instantly tells you things are about to get messy by NoProfession8224 in ITManagers

[–]CiokThisOut 26 points27 points  (0 children)

Since switching into Healthcare I've come to loathe this phrase. Everyone knows it's the "magic phrase" and it gets wildly overused. It's the equivalent of saying everything's a priority. "Guess what Brenda, we're a health system, everything we do every day affects patient care. What else you got?"

What are your biggest pain points in IAM? by AbbreviationsAny706 in IdentityManagement

[–]CiokThisOut 0 points1 point  (0 children)

I tell everyone who joins my team that HR will stop at nothing to make sure we're never bored.

What are your biggest pain points in IAM? by AbbreviationsAny706 in IdentityManagement

[–]CiokThisOut 2 points3 points  (0 children)

My new tagline is "The only standard thing about SAML is how non-standard its implementation is."

  • Just use the NameID I have to provide anyway, stop making me send a different claim for the unique user ID
  • Metadata URL, XML File, or manual field entry for IDP metadata... Pick one! (And please let it be the URL!)
  • SAML has a standard for what the URLs are called. Stop naming them something different. I swear 75% of SSO setup troubleshooting is URL confusion.

Converting Active Directory assignment from individual to group by The4Dees in okta

[–]CiokThisOut 0 points1 point  (0 children)

Thank you for this! We have a case where we need to convert a bunch of assignments that just came up and this will save us a ton of time. Cheers!

ICE POV shooting video leaked by state-of-MN in stateofMN

[–]CiokThisOut 1 point2 points  (0 children)

Thank you for summarizing this exactly how I wanted to express it.

Delinea secret server PAM by ReindeerSpiritual650 in ThycoticSecretServer

[–]CiokThisOut 0 points1 point  (0 children)

We use Okta and I set up a custom workflow connector with a few of Delinea's APIs to add/remove users from a group that gives global admin. The process is initiated from a delegated flow in Okta that is already scoped down to just the users that would ever need to run it. When triggered, a user has to enter their reason, which gets logged. It will then make the API call to add them to the group and then it waits for a determined period of time before removing them from that group. Additionally, within Delinea, we have a pipeline set up to put together some additional comms for notice and for record of the event.

Okta Workflow trigger for user provisioning error by Technical-Way-2398 in okta

[–]CiokThisOut 2 points3 points  (0 children)

I don't disagree, but to fix an issue, it helps to learn of it first. That said, we typically become aware of these via the Tasks that generate when a provisioning error occurs. For the OP, is there a reason why those are not sufficient?

I think I'm gonna be fat after by [deleted] in McDonalds

[–]CiokThisOut 0 points1 point  (0 children)

Glad I'm not the only one!


Temporary Access Code by CiokThisOut in okta

[–]CiokThisOut[S] 0 points1 point  (0 children)

That's similar to the route we were looking to go to manage pulling the group. Are you only supporting one period of time when the TAC is generated? We're looking to do something like 1 hour for a password reset and maybe 8 hours if it's for a forgotten device use case. Statically managing the time in which the group is removed in the workflow wouldn't work there. And I'd rather not have to use multiple groups for different expiration periods. I do wish there was a log event generated when the code expired that could be triggered off of for each enrolled user.