Based on documentation UI can be configured to use SSO (GitHub - temporalio/web: Temporal Web UI v1). I managed to setup it using Auth0 but the issue was that everyone in the audience has access to the temporal and all its functions (like accesing all event data, terminating a workflow in all namespaces).
I was wondering if I have done it right or I was missing something.
BTW I am using v1. It would be awesome if you point me in the right direction about how to achieve the same with the v2 version.
Finally, are you planning into adding scopes / roles somehow to be able to split namespace visibility, event-data access and actions?
Did you having success with this? I have applied authorisation on UI via the temporal server using the Authoriser and ClaimMapper, however this has now required all frontend requests to provide an authorization token. I need to only restrict to authorize UI and allow the SDK clients to be mTLS.
Can anyone help with this? Is the only choice is to write a custom Authorizer for client certificates?