[GH-ISSUE #1092] FEATURE REQUEST: Seamless Single Sign-on status and automation #586

New issue

Closed

opened 2026-03-02 12:43:29 +03:00 by kerem · 2 comments

kerem commented 2026-03-02 12:43:29 +03:00

Owner

Copy link

Originally created by @Nakazen on GitHub (Aug 30, 2022).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/1092

Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole.

Check and show the current state and expiration date of all the Seamless Single Sign-on Kerberos token status in all the connected tenants at a glance.

When you enable Seamless Single Sign-on Microsoft highly recommends that you rollover the kerberos token every 30 days to ensure an adequate level of security.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-faq#how-can-i-roll-over-the-kerberos-decryption-key-of-the--azureadsso--computer-account-

This means that for every single tenant this needs to be done and monitored separately.
It would be great if this can be monitored in CIPP to make this easier for a MSP to maintain up to date kerberos keys and possibly automate / partially automate this process.
This feature has been requested at Microsoft for multiple years, but no answer from so far. https://feedback.azure.com/d365community/idea/e0b9222b-b525-ec11-b6e6-000d3a4f0789

If you need any more information please let me know.

Originally created by @Nakazen on GitHub (Aug 30, 2022). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/1092 Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole. Check and show the current state and expiration date of all the Seamless Single Sign-on Kerberos token status in all the connected tenants at a glance. When you enable Seamless Single Sign-on Microsoft highly recommends that you rollover the kerberos token every 30 days to ensure an adequate level of security. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-faq#how-can-i-roll-over-the-kerberos-decryption-key-of-the--azureadsso--computer-account- This means that for every single tenant this needs to be done and monitored separately. It would be great if this can be monitored in CIPP to make this easier for a MSP to maintain up to date kerberos keys and possibly automate / partially automate this process. This feature has been requested at Microsoft for multiple years, but no answer from so far. https://feedback.azure.com/d365community/idea/e0b9222b-b525-ec11-b6e6-000d3a4f0789 If you need any more information please let me know.

kerem 2026-03-02 12:43:29 +03:00

• closed this issue
• added the
  enhancement
  no-priority
  labels

kerem commented 2026-03-02 12:43:30 +03:00

Author

Owner

Copy link

@KelvinTegelaar commented on GitHub (Sep 1, 2022):

Can;t be done via Partner creds unfortantelly, feel free to remake in a couple of months when everyone is forced to use GDAP, might be possible then!

<!-- gh-comment-id:1234410317 --> @KelvinTegelaar commented on GitHub (Sep 1, 2022): Can;t be done via Partner creds unfortantelly, feel free to remake in a couple of months when everyone is forced to use GDAP, might be possible then!

kerem commented 2026-03-02 12:43:30 +03:00

Author

Owner

Copy link

@Nakazen commented on GitHub (Sep 2, 2022):

Will do, thanks for looking into it!

<!-- gh-comment-id:1235132489 --> @Nakazen commented on GitHub (Sep 2, 2022): Will do, thanks for looking into it!

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs

dev

dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42

dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2

dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0

dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2

dependabot/npm_and_yarn/dev/recharts-3.8.1

dependabot/github_actions/dev/actions/setup-node-6.4.0

copilot/add-alert-for-report-only-ca

release/beta

release/nightly

docs-maintenance

v10.4.0

v10.3.0

v10.2.0

v10.1.0

v10.0.0

v8.8.0

v8.7.0

v8.6.0

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.0

v5.9.0

v5.8.5

v5.8.0

v5.7.0

v5.6.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.9.0

v4.8.0

v4.7.0

v.4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.0

v4.0.0

v3.8.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.0

v2.20.0

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.13.0

v2.12.0

v2.11.2

v2.1.11.0

v.2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.5

v2.5.0

v2.4.0

v.2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

2.0.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.0

v1.3.0

v1.2.1

v1.2.0

1.1.0

release

Labels

Clear labels   

API

  

Feature

  

NotABug

  

NotABug

  

Planned

  

Sponsor Priority

  

Sponsor Priority

  

bug

  

documentation

  

duplicate

  

enhancement

  

needs more info

  

no-activity

  

no-priority

  

not-assigned

  

pull-request

Mirrored from GitHub Pull Request

  

react-conversion

  

react-conversion

  

roadmap

  

security

  

stale

  

unconfirmed-by-user

  

unconfirmed-by-user

  

wontfix

No labels

API

Feature

NotABug

NotABug

Planned

Sponsor Priority

Sponsor Priority

bug

documentation

duplicate

enhancement

needs more info

no-activity

no-priority

not-assigned

pull-request

react-conversion

react-conversion

roadmap

security

stale

unconfirmed-by-user

unconfirmed-by-user

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#586

No description provided.