Is Kanidm audited and used in prod?

[kaushalyap]

It seems like lovely product built on SQLite with Rust, Did Kanidm underwent any security audits?
Anyone using it production?

[Firstyear]

Yes - there are multiple organisations using it in production for their users day to day.

Additionally, a number of the security critical parts and cryptographic elements have been audited by the SUSE product security team. They made a small number of hardening recommendations where were all applied, and they were otherwise impressed with the design and quality of the code.

[kaushalyap]

Great to here!, some additional question then

• Does Kanidm support granular policies / rules?
• Does this support multi-tenancy?
• Anyway to add analytics, export event logs etc?
• Anyplan to add dashboard for user management (removing accounts, force invalidating sessions)?

[yaleman]

Does Kanidm support granular policies / rules?

Yes, but that's a rather vague question as it stands. If you have a read through our documentation and can't find what you want, then I'd suggest specific questions are more easily answered.

Does this support multi-tenancy?

Not as yet. Federation is planned in future. (No specific timeline)

Anyway to add analytics, export event logs etc?

Events are logged as part of the standard system operation, and we're improving their fidelity over time. See #2185 for discussions on that.

Anyplan to add dashboard for user management (removing accounts, force invalidating sessions)?

Yes.