ados8000 8 Posted November 19, 2023 Share Posted November 19, 2023 (edited) Hoping to have the device access feature expanded, right now it's not practical. When a user tries to login with device access restricted they get this error: It has nothing to do with their login, doesn't even mention device restrictions. When the admin checks the audit events there are none for this, unless the user knows what this cryptic message is for and alerts the admin it will go by unnoticed or send the admin on a goose chase resetting their password. In addition the current process requires the admin to allow all devices on the account, tell them to login and then add the restriction back. What I was thinking is the following. Ability for the admin to be alerted via webhook or email on new device attempt to login. The user gets a warning along the lines of 'unauthorised device, this requires admin approval before you can sign in'. The admin can then go to the activity and see the attempted device, view their account and either approve or ignore it. Let me know if you have any questions. Edited November 19, 2023 by ados8000 Link to comment Share on other sites More sharing options...
ebr 14913 Posted November 19, 2023 Share Posted November 19, 2023 Hi. Some sort of alert for the admin with more detail is a good idea. From the app perspective, however, it is generally good practice to give very few details on exactly why a restricted operation is failing. You don't want to give the hacker better information on exactly how to attack. Link to comment Share on other sites More sharing options...
ados8000 8 Posted November 19, 2023 Author Share Posted November 19, 2023 (edited) Yes to more details please, for admin and user. I don't think having a message that new device sign in requires approval gives the hacker useful information. I've never seen Emby block or restrict excessive logins. It would be up to the admin to contact the user and verify if they want they were trying to login. I've requested Emby get support for SSO/OpenID but was told that isn't going to happen. Having that support would allow for security platforms like Authentic or Authelia to be the front end defence for hackers. If possible can we have the device restrictions reviewed please for new design. Edited November 19, 2023 by ados8000 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now