I am vary excited to see what cloudron has achieved so far. Almost every app that runs within our internal infrastructure is available at cloudron. Switching to cloudron would mean a big relief for us.
Key things that I miss in clourdron:
- real SSO, meaning not only shared user credentials but only a single sign on is needed to access all apps
- an option that makes an app only available to authenticated users, that is separate from the app itself. This is for security reasons, so an app is not exposed to the public internet. Practically, that means that all traffic needs to run through a proxy
- With the above it becomes possible to do things like 2FA more easily and consistent
At the current state it is not possible to fulfill security best practices that become a requirement at many companies now.
That wish needs a lot of basic architectural changes, so I don't expect that this comes fast.
In the meantime please clarify SSO in the docs. Better say clearly that you don't have SSO yet and that it is a shared user database and single credential login.