We've been using Passwordstate in our organisation for a couple of years now (since version 4). We like it so much that we now want to share it with our customers, so we can maintain a common set of account information without the hassle of communicating every change at either side manually. Said customers already exist as users in our domain so it's possible to give them access, but here's the thing: the authentication situation is not ideal.
You see, we have several other applications that we share with external users and they all hook into Active Directory Federation Services, to provide a very convenient Single Sign On experience. As far as I can tell, Passwordstate currently only supports basic Windows Authentication, which requires visitors from outside the firewall to enter their username and password. Ideally that step should be redundant if they're already signed into the SSO. Besides being easier for the user, another advantage would be that AD FS can handle multi-factor authentication universally according to the domain policies, rather than having to manage a second authentication factor from inside Passwordstate.
Being a developer myself, I imagine that it would be difficult for Passwordstate to support truly federated identity (i.e. AD FS endpoints from third parties), but it would be really nice to at least offer AD FS as an authentication option for users in the local domain. Those working inside the firewall will hardly notice the difference, but for those outside it means they no longer have to re-type their password and possibly provide another authentication factor - when they're already logged in.
With the latest releases of the Windows Identity Framework, it's become really easy to get the basic concept working. Obviously I can't tell how much impact it would have on the rest of your security code, but I hope you can consider this for a future release.
- Getting identity from AD FS in the most current version of .NET: http://msdn.microsoft.com/en-us/library/hh987037(v=vs.110).aspx
- Older method, but explains setting up AD FS, which the first article skips over: http://blogs.msdn.com/b/alextch/archive/2011/06/27/building-a-test-claims-aware-asp-net-application-and-integrating-it-with-adfs-2-0-security-token-service-sts.aspx
Cheers from Holland,