Proper SSO with a single account across forum/app/academy.htb

It would be good if the login experience for app, forum and academy would allow for SSO (a single account), as well as additional login factors beside password (i.e. federation with Github, Google, other OIDC factors, FIDO for MFA, etc.).

I understood from the FAQs why the login for app and academy have originally been kept separate (due to the initial signup challenge for the app), but I believe there are alternative ways to handle it with authorization (i.e. using different scopes / permissions), account linking, and alike.
Happy to support here with conceptual ideas, as my focus is on CIAM.

2 Likes

App and Academy have optional 2-factor authentication with time-based one-time passwords (TOTP).

For the forum, I would also like to have 2FA. In the forum 2FA is also available, see NightWolf56 reply below.

I use a password database program (KeePassXC). For one login per month, selecting the correct entry in the program is fine for me. I don’t request a single login.

1 Like

Yes, also using KeepassXC and TOTP over here. And it’s certainly not a high priority item, but still, these days it’s good practice to provide a single login across multiple subdomains/services, especially if it’s all first-party / same vendor, and especially when HTB itself is in the security space - would be good to follow best practices. But agree, the sessions are long and it’s not overly critical from that perspective.

1 Like

I’m only half joking when I say that managing separate accounts for various parts of HTB is what finally pushed me over the edge to using a password manager. The good news is I can confirm SSO is planned. The bad news I don’t have an ETA for when it will be released. The concept was first brought up when Academy was released.

The forum is currently using Discourse and 2FA is available for setup under, Profile → Preferences → Security → Two-Factor Authentication.

3 Likes