Merge pull request #4329 from Infisical/misc/address-ldap-update-and-test-issues

misc: address LDAP config update and test issues
misc: addressed comments
2025-08-13 07:12:51 +00:00 · 2025-08-08 04:51:27 +08:00 · 2025-08-08 04:49:23 +08:00 · 2025-08-08 00:45:43 +05:30 · 2025-08-07 15:12:37 -04:00 · 2025-08-07 22:33:58 +04:00
40 changed files with 625 additions and 249 deletions
--- a/backend/src/db/migrations/20250805151349_last-logged-auth-method.ts
+++ b/backend/src/db/migrations/20250805151349_last-logged-auth-method.ts
@@ -0,0 +1,65 @@
+import { Knex } from "knex";
+
+import { TableName } from "../schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  const lastUserLoggedInAuthMethod = await knex.schema.hasColumn(TableName.OrgMembership, "lastLoginAuthMethod");
+  const lastIdentityLoggedInAuthMethod = await knex.schema.hasColumn(
+    TableName.IdentityOrgMembership,
+    "lastLoginAuthMethod"
+  );
+  const lastUserLoggedInTime = await knex.schema.hasColumn(TableName.OrgMembership, "lastLoginTime");
+  const lastIdentityLoggedInTime = await knex.schema.hasColumn(TableName.IdentityOrgMembership, "lastLoginTime");
+  if (!lastUserLoggedInAuthMethod || !lastUserLoggedInTime) {
+    await knex.schema.alterTable(TableName.OrgMembership, (t) => {
+      if (!lastUserLoggedInAuthMethod) {
+        t.string("lastLoginAuthMethod").nullable();
+      }
+      if (!lastUserLoggedInTime) {
+        t.datetime("lastLoginTime").nullable();
+      }
+    });
+  }
+
+  if (!lastIdentityLoggedInAuthMethod || !lastIdentityLoggedInTime) {
+    await knex.schema.alterTable(TableName.IdentityOrgMembership, (t) => {
+      if (!lastIdentityLoggedInAuthMethod) {
+        t.string("lastLoginAuthMethod").nullable();
+      }
+      if (!lastIdentityLoggedInTime) {
+        t.datetime("lastLoginTime").nullable();
+      }
+    });
+  }
+}
+
+export async function down(knex: Knex): Promise<void> {
+  const lastUserLoggedInAuthMethod = await knex.schema.hasColumn(TableName.OrgMembership, "lastLoginAuthMethod");
+  const lastIdentityLoggedInAuthMethod = await knex.schema.hasColumn(
+    TableName.IdentityOrgMembership,
+    "lastLoginAuthMethod"
+  );
+  const lastUserLoggedInTime = await knex.schema.hasColumn(TableName.OrgMembership, "lastLoginTime");
+  const lastIdentityLoggedInTime = await knex.schema.hasColumn(TableName.IdentityOrgMembership, "lastLoginTime");
+  if (lastUserLoggedInAuthMethod || lastUserLoggedInTime) {
+    await knex.schema.alterTable(TableName.OrgMembership, (t) => {
+      if (lastUserLoggedInAuthMethod) {
+        t.dropColumn("lastLoginAuthMethod");
+      }
+      if (lastUserLoggedInTime) {
+        t.dropColumn("lastLoginTime");
+      }
+    });
+  }
+
+  if (lastIdentityLoggedInAuthMethod || lastIdentityLoggedInTime) {
+    await knex.schema.alterTable(TableName.IdentityOrgMembership, (t) => {
+      if (lastIdentityLoggedInAuthMethod) {
+        t.dropColumn("lastLoginAuthMethod");
+      }
+      if (lastIdentityLoggedInTime) {
+        t.dropColumn("lastLoginTime");
+      }
+    });
+  }
+}
--- a/backend/src/db/schemas/identity-org-memberships.ts
+++ b/backend/src/db/schemas/identity-org-memberships.ts
@@ -14,7 +14,9 @@ export const IdentityOrgMembershipsSchema = z.object({
  orgId: z.string().uuid(),
  createdAt: z.date(),
  updatedAt: z.date(),
-  identityId: z.string().uuid()
+  identityId: z.string().uuid(),
+  lastLoginAuthMethod: z.string().nullable().optional(),
+  lastLoginTime: z.date().nullable().optional()
 });

 export type TIdentityOrgMemberships = z.infer<typeof IdentityOrgMembershipsSchema>;
--- a/backend/src/db/schemas/org-memberships.ts
+++ b/backend/src/db/schemas/org-memberships.ts
@@ -19,7 +19,9 @@ export const OrgMembershipsSchema = z.object({
  roleId: z.string().uuid().nullable().optional(),
  projectFavorites: z.string().array().nullable().optional(),
  isActive: z.boolean().default(true),
-  lastInvitedAt: z.date().nullable().optional()
+  lastInvitedAt: z.date().nullable().optional(),
+  lastLoginAuthMethod: z.string().nullable().optional(),
+  lastLoginTime: z.date().nullable().optional()
 });

 export type TOrgMemberships = z.infer<typeof OrgMembershipsSchema>;
--- a/backend/src/ee/routes/v1/ldap-router.ts
+++ b/backend/src/ee/routes/v1/ldap-router.ts
@@ -379,14 +379,17 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {

  server.route({
    method: "POST",
-    url: "/config/:configId/test-connection",
+    url: "/config/test-connection",
    config: {
      rateLimit: readLimit
    },
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
-      params: z.object({
-        configId: z.string().trim()
+      body: z.object({
+        url: z.string().trim(),
+        bindDN: z.string().trim(),
+        bindPass: z.string().trim(),
+        caCert: z.string().trim()
      }),
      response: {
        200: z.boolean()
@@ -399,8 +402,9 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
        orgId: req.permission.orgId,
        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
-        ldapConfigId: req.params.configId
+        ...req.body
      });
+
      return result;
    }
  });
--- a/backend/src/ee/services/ldap-config/ldap-config-service.ts
+++ b/backend/src/ee/services/ldap-config/ldap-config-service.ts
@@ -1,4 +1,5 @@
 import { ForbiddenError } from "@casl/ability";
+import { Knex } from "knex";

 import { OrgMembershipStatus, TableName, TLdapConfigsUpdate, TUsers } from "@app/db/schemas";
 import { TGroupDALFactory } from "@app/ee/services/group/group-dal";
@@ -45,7 +46,7 @@ import { searchGroups, testLDAPConfig } from "./ldap-fns";
 import { TLdapGroupMapDALFactory } from "./ldap-group-map-dal";

 type TLdapConfigServiceFactoryDep = {
-  ldapConfigDAL: Pick<TLdapConfigDALFactory, "create" | "update" | "findOne">;
+  ldapConfigDAL: Pick<TLdapConfigDALFactory, "create" | "update" | "findOne" | "transaction">;
  ldapGroupMapDAL: Pick<TLdapGroupMapDALFactory, "find" | "create" | "delete" | "findLdapGroupMapsByLdapConfigId">;
  orgMembershipDAL: Pick<TOrgMembershipDALFactory, "create">;
  orgDAL: Pick<
@@ -131,6 +132,19 @@ export const ldapConfigServiceFactory = ({
      orgId
    });

+    const isConnected = await testLDAPConfig({
+      bindDN,
+      bindPass,
+      caCert,
+      url
+    });
+
+    if (!isConnected) {
+      throw new BadRequestError({
+        message: "Failed to establish connection to LDAP directory. Please verify that your credentials are correct."
+      });
+    }
+
    const ldapConfig = await ldapConfigDAL.create({
      orgId,
      isActive,
@@ -148,6 +162,50 @@ export const ldapConfigServiceFactory = ({
    return ldapConfig;
  };

+  const getLdapCfg = async (filter: { orgId: string; isActive?: boolean; id?: string }, tx?: Knex) => {
+    const ldapConfig = await ldapConfigDAL.findOne(filter, tx);
+    if (!ldapConfig) {
+      throw new NotFoundError({
+        message: `Failed to find organization LDAP data in organization with ID '${filter.orgId}'`
+      });
+    }
+
+    const { decryptor } = await kmsService.createCipherPairWithDataKey({
+      type: KmsDataKey.Organization,
+      orgId: ldapConfig.orgId
+    });
+
+    let bindDN = "";
+    if (ldapConfig.encryptedLdapBindDN) {
+      bindDN = decryptor({ cipherTextBlob: ldapConfig.encryptedLdapBindDN }).toString();
+    }
+
+    let bindPass = "";
+    if (ldapConfig.encryptedLdapBindPass) {
+      bindPass = decryptor({ cipherTextBlob: ldapConfig.encryptedLdapBindPass }).toString();
+    }
+
+    let caCert = "";
+    if (ldapConfig.encryptedLdapCaCertificate) {
+      caCert = decryptor({ cipherTextBlob: ldapConfig.encryptedLdapCaCertificate }).toString();
+    }
+
+    return {
+      id: ldapConfig.id,
+      organization: ldapConfig.orgId,
+      isActive: ldapConfig.isActive,
+      url: ldapConfig.url,
+      bindDN,
+      bindPass,
+      uniqueUserAttribute: ldapConfig.uniqueUserAttribute,
+      searchBase: ldapConfig.searchBase,
+      searchFilter: ldapConfig.searchFilter,
+      groupSearchBase: ldapConfig.groupSearchBase,
+      groupSearchFilter: ldapConfig.groupSearchFilter,
+      caCert
+    };
+  };
+
  const updateLdapCfg = async ({
    actor,
    actorId,
@@ -202,53 +260,25 @@ export const ldapConfigServiceFactory = ({
      updateQuery.encryptedLdapCaCertificate = encryptor({ plainText: Buffer.from(caCert) }).cipherTextBlob;
    }

-    const [ldapConfig] = await ldapConfigDAL.update({ orgId }, updateQuery);
+    const config = await ldapConfigDAL.transaction(async (tx) => {
+      const [updatedLdapCfg] = await ldapConfigDAL.update({ orgId }, updateQuery, tx);
+      const decryptedLdapCfg = await getLdapCfg({ orgId }, tx);

-    return ldapConfig;
-  };
-
-  const getLdapCfg = async (filter: { orgId: string; isActive?: boolean; id?: string }) => {
-    const ldapConfig = await ldapConfigDAL.findOne(filter);
-    if (!ldapConfig) {
-      throw new NotFoundError({
-        message: `Failed to find organization LDAP data in organization with ID '${filter.orgId}'`
+      const isSoftDeletion = !decryptedLdapCfg.url && !decryptedLdapCfg.bindDN && !decryptedLdapCfg.bindPass;
+      if (!isSoftDeletion) {
+        const isConnected = await testLDAPConfig(decryptedLdapCfg);
+        if (!isConnected) {
+          throw new BadRequestError({
+            message:
+              "Failed to establish connection to LDAP directory. Please verify that your credentials are correct."
          });
        }
+      }

-    const { decryptor } = await kmsService.createCipherPairWithDataKey({
-      type: KmsDataKey.Organization,
-      orgId: ldapConfig.orgId
+      return updatedLdapCfg;
    });

-    let bindDN = "";
-    if (ldapConfig.encryptedLdapBindDN) {
-      bindDN = decryptor({ cipherTextBlob: ldapConfig.encryptedLdapBindDN }).toString();
-    }
-
-    let bindPass = "";
-    if (ldapConfig.encryptedLdapBindPass) {
-      bindPass = decryptor({ cipherTextBlob: ldapConfig.encryptedLdapBindPass }).toString();
-    }
-
-    let caCert = "";
-    if (ldapConfig.encryptedLdapCaCertificate) {
-      caCert = decryptor({ cipherTextBlob: ldapConfig.encryptedLdapCaCertificate }).toString();
-    }
-
-    return {
-      id: ldapConfig.id,
-      organization: ldapConfig.orgId,
-      isActive: ldapConfig.isActive,
-      url: ldapConfig.url,
-      bindDN,
-      bindPass,
-      uniqueUserAttribute: ldapConfig.uniqueUserAttribute,
-      searchBase: ldapConfig.searchBase,
-      searchFilter: ldapConfig.searchFilter,
-      groupSearchBase: ldapConfig.groupSearchBase,
-      groupSearchFilter: ldapConfig.groupSearchFilter,
-      caCert
-    };
+    return config;
  };

  const getLdapCfgWithPermissionCheck = async ({
@@ -694,7 +724,17 @@ export const ldapConfigServiceFactory = ({
    return deletedGroupMap;
  };

-  const testLDAPConnection = async ({ actor, actorId, orgId, actorAuthMethod, actorOrgId }: TTestLdapConnectionDTO) => {
+  const testLDAPConnection = async ({
+    actor,
+    actorId,
+    orgId,
+    actorAuthMethod,
+    actorOrgId,
+    bindDN,
+    bindPass,
+    caCert,
+    url
+  }: TTestLdapConnectionDTO) => {
    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Ldap);

@@ -704,11 +744,12 @@ export const ldapConfigServiceFactory = ({
        message: "Failed to test LDAP connection due to plan restriction. Upgrade plan to test the LDAP connection."
      });

-    const ldapConfig = await getLdapCfg({
-      orgId
+    return testLDAPConfig({
+      bindDN,
+      bindPass,
+      caCert,
+      url
    });
-
-    return testLDAPConfig(ldapConfig);
  };

  return {
--- a/backend/src/ee/services/ldap-config/ldap-config-types.ts
+++ b/backend/src/ee/services/ldap-config/ldap-config-types.ts
@@ -83,6 +83,4 @@ export type TDeleteLdapGroupMapDTO = {
  ldapGroupMapId: string;
 } & TOrgPermission;

-export type TTestLdapConnectionDTO = {
-  ldapConfigId: string;
-} & TOrgPermission;
+export type TTestLdapConnectionDTO = TOrgPermission & TTestLDAPConfigDTO;
--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@@ -45,6 +45,8 @@ import { groupServiceFactory } from "@app/ee/services/group/group-service";
 import { userGroupMembershipDALFactory } from "@app/ee/services/group/user-group-membership-dal";
 import { hsmServiceFactory } from "@app/ee/services/hsm/hsm-service";
 import { HsmModule } from "@app/ee/services/hsm/hsm-types";
+import { identityAuthTemplateDALFactory } from "@app/ee/services/identity-auth-template/identity-auth-template-dal";
+import { identityAuthTemplateServiceFactory } from "@app/ee/services/identity-auth-template/identity-auth-template-service";
 import { identityProjectAdditionalPrivilegeDALFactory } from "@app/ee/services/identity-project-additional-privilege/identity-project-additional-privilege-dal";
 import { identityProjectAdditionalPrivilegeServiceFactory } from "@app/ee/services/identity-project-additional-privilege/identity-project-additional-privilege-service";
 import { identityProjectAdditionalPrivilegeV2ServiceFactory } from "@app/ee/services/identity-project-additional-privilege-v2/identity-project-additional-privilege-v2-service";
@@ -179,8 +181,6 @@ import { identityAccessTokenDALFactory } from "@app/services/identity-access-tok
 import { identityAccessTokenServiceFactory } from "@app/services/identity-access-token/identity-access-token-service";
 import { identityAliCloudAuthDALFactory } from "@app/services/identity-alicloud-auth/identity-alicloud-auth-dal";
 import { identityAliCloudAuthServiceFactory } from "@app/services/identity-alicloud-auth/identity-alicloud-auth-service";
-import { identityAuthTemplateDALFactory } from "@app/ee/services/identity-auth-template/identity-auth-template-dal";
-import { identityAuthTemplateServiceFactory } from "@app/ee/services/identity-auth-template/identity-auth-template-service";
 import { identityAwsAuthDALFactory } from "@app/services/identity-aws-auth/identity-aws-auth-dal";
 import { identityAwsAuthServiceFactory } from "@app/services/identity-aws-auth/identity-aws-auth-service";
 import { identityAzureAuthDALFactory } from "@app/services/identity-azure-auth/identity-azure-auth-dal";
--- a/backend/src/server/routes/v3/external-migration-router.ts
+++ b/backend/src/server/routes/v3/external-migration-router.ts
@@ -19,7 +19,7 @@ export const registerExternalMigrationRouter = async (server: FastifyZodProvider
    config: {
      rateLimit: writeLimit
    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
+    onRequest: verifyAuth([AuthMode.JWT]),
    handler: async (req) => {
      const data = await req.file({
        limits: {
@@ -69,7 +69,7 @@ export const registerExternalMigrationRouter = async (server: FastifyZodProvider
        mappingType: z.nativeEnum(VaultMappingType)
      })
    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
+    onRequest: verifyAuth([AuthMode.JWT]),
    handler: async (req) => {
      await server.services.migration.importVaultData({
        actorId: req.permission.id,
--- a/backend/src/services/app-connection/shared/sql/sql-connection-fns.ts
+++ b/backend/src/services/app-connection/shared/sql/sql-connection-fns.ts
@@ -44,7 +44,8 @@ const getConnectionConfig = ({
          ? {
              trustServerCertificate: !sslRejectUnauthorized,
              encrypt: true,
-              cryptoCredentialsDetails: sslCertificate ? { ca: sslCertificate } : {}
+              cryptoCredentialsDetails: sslCertificate ? { ca: sslCertificate } : {},
+              servername: host
            }
          : { encrypt: false }
      };
--- a/backend/src/services/auth/auth-login-service.ts
+++ b/backend/src/services/auth/auth-login-service.ts
@@ -148,11 +148,17 @@ export const authLoginServiceFactory = ({

    if (organizationId) {
      const org = await orgDAL.findById(organizationId);
-      if (org && org.userTokenExpiration) {
+      if (org) {
+        await orgMembershipDAL.update(
+          { userId: user.id, orgId: org.id },
+          { lastLoginAuthMethod: authMethod, lastLoginTime: new Date() }
+        );
+        if (org.userTokenExpiration) {
          tokenSessionExpiresIn = getMinExpiresIn(cfg.JWT_AUTH_LIFETIME, org.userTokenExpiration);
          refreshTokenExpiresIn = org.userTokenExpiration;
        }
      }
+    }

    const accessToken = crypto.jwt().sign(
      {
--- a/backend/src/services/certificate-authority/internal/internal-certificate-authority-fns.ts
+++ b/backend/src/services/certificate-authority/internal/internal-certificate-authority-fns.ts
@@ -32,8 +32,8 @@ import {
  keyAlgorithmToAlgCfg
 } from "../certificate-authority-fns";
 import { TCertificateAuthoritySecretDALFactory } from "../certificate-authority-secret-dal";
-import { TIssueCertWithTemplateDTO } from "./internal-certificate-authority-types";
 import { validateAndMapAltNameType } from "../certificate-authority-validators";
+import { TIssueCertWithTemplateDTO } from "./internal-certificate-authority-types";

 type TInternalCertificateAuthorityFnsDeps = {
  certificateAuthorityDAL: Pick<TCertificateAuthorityDALFactory, "findByIdWithAssociatedCa" | "findById">;
--- a/backend/src/services/certificate-authority/internal/internal-certificate-authority-service.ts
+++ b/backend/src/services/certificate-authority/internal/internal-certificate-authority-service.ts
@@ -52,6 +52,7 @@ import {
 } from "../certificate-authority-fns";
 import { TCertificateAuthorityQueueFactory } from "../certificate-authority-queue";
 import { TCertificateAuthoritySecretDALFactory } from "../certificate-authority-secret-dal";
+import { validateAndMapAltNameType } from "../certificate-authority-validators";
 import { TInternalCertificateAuthorityDALFactory } from "./internal-certificate-authority-dal";
 import {
  TCreateCaDTO,
@@ -68,7 +69,6 @@ import {
  TSignIntermediateDTO,
  TUpdateCaDTO
 } from "./internal-certificate-authority-types";
-import { validateAndMapAltNameType } from "../certificate-authority-validators";

 type TInternalCertificateAuthorityServiceFactoryDep = {
  certificateAuthorityDAL: Pick<
--- a/backend/src/services/external-migration/external-migration-fns/vault.ts
+++ b/backend/src/services/external-migration/external-migration-fns/vault.ts
@@ -254,9 +254,7 @@ export const transformToInfisicalFormatNamespaceToProjects = (
    let currentFolderId: string | undefined;
    let currentPath = "";

-    if (path.includes("/")) {
    const pathParts = path.split("/").filter(Boolean);
-
    const folderParts = pathParts;

    // create nested folder structure for the entire path
@@ -278,7 +276,6 @@ export const transformToInfisicalFormatNamespaceToProjects = (
        currentFolderId = folderMap.get(folderKey)!;
      }
    }
-    }

    for (const [key, value] of Object.entries(secretData)) {
      secrets.push({
--- a/backend/src/services/identity-alicloud-auth/identity-alicloud-auth-service.ts
+++ b/backend/src/services/identity-alicloud-auth/identity-alicloud-auth-service.ts
@@ -38,7 +38,7 @@ type TIdentityAliCloudAuthServiceFactoryDep = {
    TIdentityAliCloudAuthDALFactory,
    "findOne" | "transaction" | "create" | "updateById" | "delete"
  >;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
 };
@@ -64,6 +64,8 @@ export const identityAliCloudAuthServiceFactory = ({
      identityId: identityAliCloudAuth.identityId
    });

+    if (!identityMembershipOrg) throw new UnauthorizedError({ message: "Identity not attached to a organization" });
+
    const requestUrl = new URL("https://sts.aliyuncs.com");

    for (const key of Object.keys(params)) {
@@ -87,6 +89,14 @@ export const identityAliCloudAuthServiceFactory = ({

    // Generate the token
    const identityAccessToken = await identityAliCloudAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.ALICLOUD_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityAliCloudAuth.identityId,
--- a/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts
+++ b/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts
@@ -36,7 +36,7 @@ import {
 type TIdentityAwsAuthServiceFactoryDep = {
  identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create" | "delete">;
  identityAwsAuthDAL: Pick<TIdentityAwsAuthDALFactory, "findOne" | "transaction" | "create" | "updateById" | "delete">;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
 };
@@ -91,6 +91,7 @@ export const identityAwsAuthServiceFactory = ({
    }

    const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId: identityAwsAuth.identityId });
+    if (!identityMembershipOrg) throw new UnauthorizedError({ message: "Identity not attached to a organization" });

    const headers: TAwsGetCallerIdentityHeaders = JSON.parse(Buffer.from(iamRequestHeaders, "base64").toString());
    const body: string = Buffer.from(iamRequestBody, "base64").toString();
@@ -152,6 +153,14 @@ export const identityAwsAuthServiceFactory = ({
    }

    const identityAccessToken = await identityAwsAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.AWS_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityAwsAuth.identityId,
--- a/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts
+++ b/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts
@@ -33,7 +33,7 @@ type TIdentityAzureAuthServiceFactoryDep = {
    TIdentityAzureAuthDALFactory,
    "findOne" | "transaction" | "create" | "updateById" | "delete"
  >;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create" | "delete">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
@@ -80,6 +80,14 @@ export const identityAzureAuthServiceFactory = ({
    }

    const identityAccessToken = await identityAzureAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.AZURE_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityAzureAuth.identityId,
--- a/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts
+++ b/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts
@@ -31,7 +31,7 @@ import {

 type TIdentityGcpAuthServiceFactoryDep = {
  identityGcpAuthDAL: Pick<TIdentityGcpAuthDALFactory, "findOne" | "transaction" | "create" | "updateById" | "delete">;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create" | "delete">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
@@ -119,6 +119,14 @@ export const identityGcpAuthServiceFactory = ({
    }

    const identityAccessToken = await identityGcpAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.GCP_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityGcpAuth.identityId,
--- a/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts
+++ b/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts
@@ -43,7 +43,7 @@ import {

 type TIdentityJwtAuthServiceFactoryDep = {
  identityJwtAuthDAL: TIdentityJwtAuthDALFactory;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create" | "delete">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
@@ -209,6 +209,14 @@ export const identityJwtAuthServiceFactory = ({
    }

    const identityAccessToken = await identityJwtAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.JWT_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityJwtAuth.identityId,
--- a/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts
+++ b/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts
@@ -49,7 +49,7 @@ type TIdentityKubernetesAuthServiceFactoryDep = {
    "create" | "findOne" | "transaction" | "updateById" | "delete"
  >;
  identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create" | "delete">;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "findById">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "findById" | "updateById">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">;
@@ -380,6 +380,14 @@ export const identityKubernetesAuthServiceFactory = ({
    }

    const identityAccessToken = await identityKubernetesAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.KUBERNETES_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityKubernetesAuth.identityId,
--- a/backend/src/services/identity-ldap-auth/identity-ldap-auth-service.ts
+++ b/backend/src/services/identity-ldap-auth/identity-ldap-auth-service.ts
@@ -44,7 +44,7 @@ type TIdentityLdapAuthServiceFactoryDep = {
    TIdentityLdapAuthDALFactory,
    "findOne" | "transaction" | "create" | "updateById" | "delete"
  >;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
  kmsService: TKmsServiceFactory;
@@ -144,6 +144,14 @@ export const identityLdapAuthServiceFactory = ({
    }

    const identityAccessToken = await identityLdapAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.LDAP_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityLdapAuth.identityId,
--- a/backend/src/services/identity-oci-auth/identity-oci-auth-service.ts
+++ b/backend/src/services/identity-oci-auth/identity-oci-auth-service.ts
@@ -36,7 +36,7 @@ import {
 type TIdentityOciAuthServiceFactoryDep = {
  identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create" | "delete">;
  identityOciAuthDAL: Pick<TIdentityOciAuthDALFactory, "findOne" | "transaction" | "create" | "updateById" | "delete">;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
 };
@@ -57,6 +57,7 @@ export const identityOciAuthServiceFactory = ({
    }

    const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId: identityOciAuth.identityId });
+    if (!identityMembershipOrg) throw new UnauthorizedError({ message: "Identity not attached to a organization" });

    // Validate OCI host format. Ensures that the host is in "identity.<region>.oraclecloud.com" format.
    if (!headers.host || !new RE2("^identity\\.([a-z]{2}-[a-z]+-[1-9])\\.oraclecloud\\.com$").test(headers.host)) {
@@ -91,6 +92,14 @@ export const identityOciAuthServiceFactory = ({

    // Generate the token
    const identityAccessToken = await identityOciAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.OCI_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityOciAuth.identityId,
--- a/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts
+++ b/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts
@@ -43,7 +43,7 @@ import {

 type TIdentityOidcAuthServiceFactoryDep = {
  identityOidcAuthDAL: TIdentityOidcAuthDALFactory;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create" | "delete">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
@@ -178,6 +178,14 @@ export const identityOidcAuthServiceFactory = ({
    }

    const identityAccessToken = await identityOidcAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.OIDC_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityOidcAuth.identityId,
--- a/backend/src/services/identity-tls-cert-auth/identity-tls-cert-auth-service.ts
+++ b/backend/src/services/identity-tls-cert-auth/identity-tls-cert-auth-service.ts
@@ -30,7 +30,7 @@ type TIdentityTlsCertAuthServiceFactoryDep = {
    TIdentityTlsCertAuthDALFactory,
    "findOne" | "transaction" | "create" | "updateById" | "delete"
  >;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">;
@@ -118,6 +118,14 @@ export const identityTlsCertAuthServiceFactory = ({

    // Generate the token
    const identityAccessToken = await identityTlsCertAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.TLS_CERT_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityTlsCertAuth.identityId,
--- a/backend/src/services/identity-token-auth/identity-token-auth-service.ts
+++ b/backend/src/services/identity-token-auth/identity-token-auth-service.ts
@@ -35,7 +35,7 @@ type TIdentityTokenAuthServiceFactoryDep = {
    TIdentityTokenAuthDALFactory,
    "transaction" | "create" | "findOne" | "updateById" | "delete"
  >;
-  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
+  identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "updateById">;
  identityAccessTokenDAL: Pick<
    TIdentityAccessTokenDALFactory,
    "create" | "find" | "update" | "findById" | "findOne" | "updateById" | "delete"
@@ -345,6 +345,14 @@ export const identityTokenAuthServiceFactory = ({
    const identityTokenAuth = await identityTokenAuthDAL.findOne({ identityId });

    const identityAccessToken = await identityTokenAuthDAL.transaction(async (tx) => {
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.TOKEN_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityTokenAuth.identityId,
--- a/backend/src/services/identity-ua/identity-ua-service.ts
+++ b/backend/src/services/identity-ua/identity-ua-service.ts
@@ -59,6 +59,11 @@ export const identityUaServiceFactory = ({
    }

    const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId: identityUa.identityId });
+    if (!identityMembershipOrg) {
+      throw new NotFoundError({
+        message: "No identity with the org membership was found"
+      });
+    }

    checkIPAgainstBlocklist({
      ipAddress: ip,
@@ -127,7 +132,14 @@ export const identityUaServiceFactory = ({

    const identityAccessToken = await identityUaDAL.transaction(async (tx) => {
      const uaClientSecretDoc = await identityUaClientSecretDAL.incrementUsage(validClientSecretInfo!.id, tx);
-
+      await identityOrgMembershipDAL.updateById(
+        identityMembershipOrg.id,
+        {
+          lastLoginAuthMethod: IdentityAuthMethod.UNIVERSAL_AUTH,
+          lastLoginTime: new Date()
+        },
+        tx
+      );
      const newToken = await identityAccessTokenDAL.create(
        {
          identityId: identityUa.identityId,
--- a/backend/src/services/identity/identity-org-dal.ts
+++ b/backend/src/services/identity/identity-org-dal.ts
@@ -254,6 +254,8 @@ export const identityOrgDALFactory = (db: TDbClient) => {
          db.ref("role").withSchema("paginatedIdentity"),
          db.ref("roleId").withSchema("paginatedIdentity"),
          db.ref("orgId").withSchema("paginatedIdentity"),
+          db.ref("lastLoginAuthMethod").withSchema("paginatedIdentity"),
+          db.ref("lastLoginTime").withSchema("paginatedIdentity"),
          db.ref("createdAt").withSchema("paginatedIdentity"),
          db.ref("updatedAt").withSchema("paginatedIdentity"),
          db.ref("identityId").withSchema("paginatedIdentity").as("identityId"),
@@ -319,7 +321,9 @@ export const identityOrgDALFactory = (db: TDbClient) => {
          ldapId,
          tlsCertId,
          createdAt,
-          updatedAt
+          updatedAt,
+          lastLoginAuthMethod,
+          lastLoginTime
        }) => ({
          role,
          roleId,
@@ -328,6 +332,8 @@ export const identityOrgDALFactory = (db: TDbClient) => {
          orgId,
          createdAt,
          updatedAt,
+          lastLoginAuthMethod,
+          lastLoginTime,
          customRole: roleId
            ? {
                id: crId,
@@ -497,6 +503,8 @@ export const identityOrgDALFactory = (db: TDbClient) => {
          db.ref("orgId").withSchema(TableName.IdentityOrgMembership),
          db.ref("createdAt").withSchema(TableName.IdentityOrgMembership),
          db.ref("updatedAt").withSchema(TableName.IdentityOrgMembership),
+          db.ref("lastLoginAuthMethod").withSchema(TableName.IdentityOrgMembership),
+          db.ref("lastLoginTime").withSchema(TableName.IdentityOrgMembership),
          db.ref("identityId").withSchema(TableName.IdentityOrgMembership).as("identityId"),
          db.ref("name").withSchema(TableName.Identity).as("identityName"),
          db.ref("hasDeleteProtection").withSchema(TableName.Identity),
@@ -576,7 +584,9 @@ export const identityOrgDALFactory = (db: TDbClient) => {
          tokenId,
          ldapId,
          createdAt,
-          updatedAt
+          updatedAt,
+          lastLoginTime,
+          lastLoginAuthMethod
        }) => ({
          role,
          roleId,
@@ -586,6 +596,8 @@ export const identityOrgDALFactory = (db: TDbClient) => {
          orgId,
          createdAt,
          updatedAt,
+          lastLoginTime,
+          lastLoginAuthMethod,
          customRole: roleId
            ? {
                id: crId,
--- a/backend/src/services/org-membership/org-membership-dal.ts
+++ b/backend/src/services/org-membership/org-membership-dal.ts
@@ -32,6 +32,8 @@ export const orgMembershipDALFactory = (db: TDbClient) => {
          db.ref("roleId").withSchema(TableName.OrgMembership),
          db.ref("status").withSchema(TableName.OrgMembership),
          db.ref("isActive").withSchema(TableName.OrgMembership),
+          db.ref("lastLoginAuthMethod").withSchema(TableName.OrgMembership),
+          db.ref("lastLoginTime").withSchema(TableName.OrgMembership),
          db.ref("email").withSchema(TableName.Users),
          db.ref("username").withSchema(TableName.Users),
          db.ref("firstName").withSchema(TableName.Users),
@@ -64,7 +66,9 @@ export const orgMembershipDALFactory = (db: TDbClient) => {
          role,
          status,
          isActive,
-          inviteEmail
+          inviteEmail,
+          lastLoginAuthMethod,
+          lastLoginTime
        }) => ({
          roleId,
          orgId,
@@ -73,6 +77,8 @@ export const orgMembershipDALFactory = (db: TDbClient) => {
          status,
          isActive,
          inviteEmail,
+          lastLoginAuthMethod,
+          lastLoginTime,
          user: {
            id: userId,
            email,
--- a/backend/src/services/org/org-dal.ts
+++ b/backend/src/services/org/org-dal.ts
@@ -285,6 +285,8 @@ export const orgDALFactory = (db: TDbClient) => {
          db.ref("roleId").withSchema(TableName.OrgMembership),
          db.ref("status").withSchema(TableName.OrgMembership),
          db.ref("isActive").withSchema(TableName.OrgMembership),
+          db.ref("lastLoginAuthMethod").withSchema(TableName.OrgMembership),
+          db.ref("lastLoginTime").withSchema(TableName.OrgMembership),
          db.ref("email").withSchema(TableName.Users),
          db.ref("isEmailVerified").withSchema(TableName.Users),
          db.ref("username").withSchema(TableName.Users),
--- a/frontend/src/components/organization/LastLoginSection/LastLoginSection.tsx
+++ b/frontend/src/components/organization/LastLoginSection/LastLoginSection.tsx
@@ -0,0 +1,34 @@
+import { faClock, faShield } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { format } from "date-fns";
+
+type Props = {
+  lastLoginAuthMethod: string;
+  lastLoginTime: string;
+};
+
+export const LastLoginSection = ({ lastLoginTime, lastLoginAuthMethod }: Props) => (
+  <div>
+    <div className="mb-2 flex items-center gap-2 border-b border-mineshaft-600 pb-1">
+      <div className="font-medium">Last Login</div>
+    </div>
+    <div className="mb-2 flex items-center gap-2 text-sm">
+      <div className="flex items-center justify-center rounded bg-mineshaft-700 p-3">
+        <FontAwesomeIcon icon={faShield} className="h-4 w-4" />
+      </div>
+      <div className="flex flex-col">
+        <div className="text-sm font-medium">Authentication Method</div>
+        <div className="text-sm">{lastLoginAuthMethod}</div>
+      </div>
+    </div>
+    <div className="flex items-center gap-2 text-sm">
+      <div className="flex items-center justify-center rounded bg-mineshaft-700 p-3">
+        <FontAwesomeIcon icon={faClock} className="h-4 w-4" />
+      </div>
+      <div className="flex flex-col">
+        <div className="text-sm font-medium">Time</div>
+        <div className="text-sm">{format(lastLoginTime, "PPpp")} </div>
+      </div>
+    </div>
+  </div>
+);
--- a/frontend/src/components/organization/LastLoginSection/index.tsx
+++ b/frontend/src/components/organization/LastLoginSection/index.tsx
@@ -0,0 +1 @@
+export { LastLoginSection } from "./LastLoginSection";
--- a/frontend/src/components/v2/Badge/Badge.tsx
+++ b/frontend/src/components/v2/Badge/Badge.tsx
@@ -1,3 +1,4 @@
+import { forwardRef } from "react";
 import { cva, VariantProps } from "cva";
 import { twMerge } from "tailwind-merge";

@@ -24,13 +25,16 @@ const badgeVariants = cva(

 export type BadgeProps = VariantProps<typeof badgeVariants> & IProps;

-export const Badge = ({ children, className, variant, ...props }: BadgeProps) => {
+export const Badge = forwardRef<HTMLDivElement, BadgeProps>(
+  ({ children, className, variant, ...props }, ref) => {
    return (
      <div
        className={twMerge(badgeVariants({ variant: variant || "primary" }), className)}
        {...props}
+        ref={ref}
      >
        {children}
      </div>
    );
-};
+  }
+);
--- a/frontend/src/hooks/api/identities/types.ts
+++ b/frontend/src/hooks/api/identities/types.ts
@@ -41,6 +41,8 @@ export type IdentityMembershipOrg = {
  id: string;
  identity: Identity;
  organization: string;
+  lastLoginAuthMethod?: IdentityAuthMethod;
+  lastLoginTime?: string;
  metadata: { key: string; value: string; id: string }[];
  role: "admin" | "member" | "viewer" | "no-access" | "custom";
  customRole?: TOrgRole;
--- a/frontend/src/hooks/api/ldapConfig/mutations.tsx
+++ b/frontend/src/hooks/api/ldapConfig/mutations.tsx
@@ -151,10 +151,23 @@ export const useDeleteLDAPGroupMapping = () => {

 export const useTestLDAPConnection = () => {
  return useMutation({
-    mutationFn: async (ldapConfigId: string) => {
-      const { data } = await apiRequest.post<boolean>(
-        `/api/v1/ldap/config/${ldapConfigId}/test-connection`
-      );
+    mutationFn: async ({
+      url,
+      bindDN,
+      bindPass,
+      caCert
+    }: {
+      url: string;
+      bindDN: string;
+      bindPass: string;
+      caCert: string;
+    }) => {
+      const { data } = await apiRequest.post<boolean>("/api/v1/ldap/config/test-connection", {
+        url,
+        bindDN,
+        bindPass,
+        caCert
+      });
      return data;
    }
  });
--- a/frontend/src/hooks/api/users/types.ts
+++ b/frontend/src/hooks/api/users/types.ts
@@ -68,6 +68,8 @@ export type OrgUser = {
  deniedPermissions: any[];
  roleId: string;
  isActive: boolean;
+  lastLoginAuthMethod?: AuthMethod;
+  lastLoginTime?: string;
 };

 export type TProjectMembership = {
--- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityTable.tsx
+++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityTable.tsx
@@ -7,6 +7,7 @@ import {
  faEdit,
  faEllipsisV,
  faFilter,
+  faInfoCircle,
  faMagnifyingGlass,
  faServer,
  faTrash
@@ -16,6 +17,7 @@ import { useNavigate } from "@tanstack/react-router";
 import { twMerge } from "tailwind-merge";

 import { createNotification } from "@app/components/notifications";
+import { LastLoginSection } from "@app/components/organization/LastLoginSection";
 import { OrgPermissionCan } from "@app/components/permissions";
 import {
  DropdownMenu,
@@ -40,6 +42,7 @@ import {
  Td,
  Th,
  THead,
+  Tooltip,
  Tr
 } from "@app/components/v2";
 import { OrgPermissionIdentityActions, OrgPermissionSubjects, useOrganization } from "@app/context";
@@ -49,7 +52,12 @@ import {
  setUserTablePreference
 } from "@app/helpers/userTablePreferences";
 import { usePagination, useResetPageHelper } from "@app/hooks";
-import { useGetOrgRoles, useSearchIdentities, useUpdateIdentity } from "@app/hooks/api";
+import {
+  identityAuthToNameMap,
+  useGetOrgRoles,
+  useSearchIdentities,
+  useUpdateIdentity
+} from "@app/hooks/api";
 import { OrderByDirection } from "@app/hooks/api/generic/types";
 import { OrgIdentityOrderBy } from "@app/hooks/api/organization/types";
 import { UsePopUpState } from "@app/hooks/usePopUp";
@@ -284,7 +292,14 @@ export const IdentityTable = ({ handlePopUpOpen }: Props) => {
          <TBody>
            {isPending && <TableSkeleton columns={3} innerKey="org-identities" />}
            {!isPending &&
-              data?.identities?.map(({ identity: { id, name }, role, customRole }) => {
+              data?.identities?.map(
+                ({
+                  identity: { id, name },
+                  role,
+                  customRole,
+                  lastLoginAuthMethod,
+                  lastLoginTime
+                }) => {
                  return (
                    <Tr
                      className="h-10 cursor-pointer transition-colors duration-100 hover:bg-mineshaft-700"
@@ -298,7 +313,25 @@ export const IdentityTable = ({ handlePopUpOpen }: Props) => {
                        })
                      }
                    >
-                    <Td>{name}</Td>
+                      <Td className="group">
+                        {name}
+                        {lastLoginAuthMethod && lastLoginTime && (
+                          <Tooltip
+                            className="min-w-52 max-w-96 px-3"
+                            content={
+                              <LastLoginSection
+                                lastLoginAuthMethod={identityAuthToNameMap[lastLoginAuthMethod]}
+                                lastLoginTime={lastLoginTime}
+                              />
+                            }
+                          >
+                            <FontAwesomeIcon
+                              icon={faInfoCircle}
+                              className="ml-2 text-mineshaft-400 opacity-0 transition-all group-hover:opacity-100"
+                            />
+                          </Tooltip>
+                        )}
+                      </Td>
                      <Td>
                        <OrgPermissionCan
                          I={OrgPermissionIdentityActions.Edit}
@@ -389,7 +422,8 @@ export const IdentityTable = ({ handlePopUpOpen }: Props) => {
                      </Td>
                    </Tr>
                  );
-              })}
+                }
+              )}
          </TBody>
        </Table>
        {!isPending && data && totalCount > 0 && (
--- a/frontend/src/pages/organization/AccessManagementPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersTable.tsx
+++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersTable.tsx
@@ -7,6 +7,7 @@ import {
  faEdit,
  faEllipsisV,
  faFilter,
+  faInfoCircle,
  faMagnifyingGlass,
  faSearch,
  faUsers,
@@ -19,6 +20,7 @@ import { useNavigate } from "@tanstack/react-router";
 import { twMerge } from "tailwind-merge";

 import { createNotification } from "@app/components/notifications";
+import { LastLoginSection } from "@app/components/organization/LastLoginSection";
 import { OrgPermissionCan } from "@app/components/permissions";
 import {
  Badge,
@@ -471,7 +473,17 @@ export const OrgMembersTable = ({
            {isLoading && <TableSkeleton columns={5} innerKey="org-members" />}
            {!isLoading &&
              filteredMembersPage.map(
-                ({ user: u, inviteEmail, role, roleId, id: orgMembershipId, status, isActive }) => {
+                ({
+                  user: u,
+                  inviteEmail,
+                  role,
+                  roleId,
+                  id: orgMembershipId,
+                  status,
+                  isActive,
+                  lastLoginAuthMethod,
+                  lastLoginTime
+                }) => {
                  const name =
                    u && u.firstName ? `${u.firstName} ${u.lastName ?? ""}`.trim() : null;
                  const email = u?.email || inviteEmail;
@@ -504,7 +516,9 @@ export const OrgMembersTable = ({
                          }}
                        />
                      </Td>
-                      <Td className={twMerge("max-w-0", isActive ? "" : "text-mineshaft-400")}>
+                      <Td
+                        className={twMerge("group max-w-0", isActive ? "" : "text-mineshaft-400")}
+                      >
                        <div className="flex items-center">
                          <p className="truncate">
                            {name ?? <span className="text-mineshaft-400">Not Set</span>}
@@ -517,6 +531,22 @@ export const OrgMembersTable = ({
                              </Tooltip>
                            </Badge>
                          )}
+                          {lastLoginAuthMethod && lastLoginTime && (
+                            <Tooltip
+                              className="min-w-52 max-w-96 px-3"
+                              content={
+                                <LastLoginSection
+                                  lastLoginAuthMethod={lastLoginAuthMethod}
+                                  lastLoginTime={lastLoginTime}
+                                />
+                              }
+                            >
+                              <FontAwesomeIcon
+                                icon={faInfoCircle}
+                                className="ml-2 text-mineshaft-400 opacity-0 transition-all group-hover:opacity-100"
+                              />
+                            </Tooltip>
+                          )}
                        </div>
                      </Td>
                      <Td className={twMerge("max-w-0", isActive ? "" : "text-mineshaft-400")}>
--- a/frontend/src/pages/organization/AuditLogsPage/components/LogsFilter.tsx
+++ b/frontend/src/pages/organization/AuditLogsPage/components/LogsFilter.tsx
@@ -119,7 +119,7 @@ export const LogsFilter = ({ presets, setFilter, filter, project }: Props) => {
          )}
        </Button>
      </DropdownMenuTrigger>
-      <DropdownMenuContent align="end" className="mt-4 py-4">
+      <DropdownMenuContent align="end" className="mt-4 overflow-visible py-4">
        <form onSubmit={handleSubmit(setFilter)}>
          <div className="flex min-w-64 flex-col font-inter">
            <div className="mb-3 flex items-center border-b border-b-mineshaft-500 px-3 pb-2">
@@ -176,7 +176,8 @@ export const LogsFilter = ({ presets, setFilter, filter, project }: Props) => {
                          </div>
                        </DropdownMenuTrigger>
                        <DropdownMenuContent
-                          align="start"
+                          align="end"
+                          sideOffset={2}
                          className="thin-scrollbar z-[100] max-h-80 overflow-hidden"
                        >
                          <div className="max-h-80 overflow-y-auto">
@@ -258,6 +259,7 @@ export const LogsFilter = ({ presets, setFilter, filter, project }: Props) => {
                          else setValue("userAgentType", e as UserAgentType, { shouldDirty: true });
                        }}
                        className={twMerge("w-full border border-mineshaft-500 bg-mineshaft-700")}
+                        position="popper"
                      >
                        <SelectItem value="all" key="all">
                          All sources
@@ -319,7 +321,6 @@ export const LogsFilter = ({ presets, setFilter, filter, project }: Props) => {
              <AnimatePresence initial={false}>
                {showSecretsSection && (
                  <motion.div
-                    className="overflow-hidden"
                    initial={{ opacity: 0, height: 0 }}
                    animate={{ opacity: 1, height: "auto" }}
                    exit={{ opacity: 0, height: 0 }}
@@ -352,6 +353,7 @@ export const LogsFilter = ({ presets, setFilter, filter, project }: Props) => {
                          >
                            <FilterableSelect
                              value={value}
+                              menuPlacement="top"
                              key={value?.name || "filter-environment"}
                              isClearable
                              isDisabled={!selectedProject}
--- a/frontend/src/pages/organization/IdentityDetailsByIDPage/components/IdentityDetailsSection.tsx
+++ b/frontend/src/pages/organization/IdentityDetailsByIDPage/components/IdentityDetailsSection.tsx
@@ -7,6 +7,7 @@ import {
  faTrash
 } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { format } from "date-fns";
 import { twMerge } from "tailwind-merge";

 import { OrgPermissionCan } from "@app/components/permissions";
@@ -22,7 +23,7 @@ import {
 } from "@app/components/v2";
 import { OrgPermissionIdentityActions, OrgPermissionSubjects } from "@app/context";
 import { useTimedReset } from "@app/hooks";
-import { useGetIdentityById } from "@app/hooks/api";
+import { identityAuthToNameMap, useGetIdentityById } from "@app/hooks/api";
 import { UsePopUpState } from "@app/hooks/usePopUp";

 type Props = {
@@ -138,6 +139,18 @@ export const IdentityDetailsSection = ({ identityId, handlePopUpOpen }: Props) =
          <p className="text-sm font-semibold text-mineshaft-300">Name</p>
          <p className="text-sm text-mineshaft-300">{data.identity.name}</p>
        </div>
+        <div className="mb-4">
+          <p className="text-sm font-semibold text-mineshaft-300">Last Login Auth Method</p>
+          <p className="text-sm text-mineshaft-300">
+            {data.lastLoginAuthMethod ? identityAuthToNameMap[data.lastLoginAuthMethod] : "-"}
+          </p>
+        </div>
+        <div className="mb-4">
+          <p className="text-sm font-semibold text-mineshaft-300">Last Login Time</p>
+          <p className="text-sm text-mineshaft-300">
+            {data.lastLoginTime ? format(data.lastLoginTime, "PPpp") : "-"}
+          </p>
+        </div>
        <div className="mb-4">
          <p className="text-sm font-semibold text-mineshaft-300">Delete Protection</p>
          <p className="text-sm text-mineshaft-300">
--- a/frontend/src/pages/organization/SettingsPage/components/OrgSsoTab/LDAPModal.tsx
+++ b/frontend/src/pages/organization/SettingsPage/components/OrgSsoTab/LDAPModal.tsx
@@ -92,12 +92,7 @@ export const LDAPModal = ({ popUp, handlePopUpClose, handlePopUpToggle, hideDele
  const watchUrl = watch("url");
  const watchBindDN = watch("bindDN");
  const watchBindPass = watch("bindPass");
-  const watchSearchBase = watch("searchBase");
-  const watchSearchFilter = watch("searchFilter");
-  const watchGroupSearchBase = watch("groupSearchBase");
-  const watchGroupSearchFilter = watch("groupSearchFilter");
  const watchCaCert = watch("caCert");
-  const watchUniqueUserAttribute = watch("uniqueUserAttribute");

  useEffect(() => {
    if (data) {
@@ -147,7 +142,6 @@ export const LDAPModal = ({ popUp, handlePopUpClose, handlePopUpToggle, hideDele
      } else {
        await updateMutateAsync({
          organizationId: currentOrg.id,
-          isActive: false,
          url,
          bindDN,
          bindPass,
@@ -179,23 +173,13 @@ export const LDAPModal = ({ popUp, handlePopUpClose, handlePopUpToggle, hideDele

  const handleTestLDAPConnection = async () => {
    try {
-      await onSSOModalSubmit({
+      const result = await testLDAPConnection({
        url: watchUrl,
        bindDN: watchBindDN,
        bindPass: watchBindPass,
-        searchBase: watchSearchBase,
-        searchFilter: watchSearchFilter,
-        groupSearchBase: watchGroupSearchBase,
-        groupSearchFilter: watchGroupSearchFilter,
-        uniqueUserAttribute: watchUniqueUserAttribute,
-        caCert: watchCaCert,
-        shouldCloseModal: false
+        caCert: watchCaCert ?? ""
      });

-      if (!data) return;
-
-      const result = await testLDAPConnection(data.id);
-
      if (!result) {
        createNotification({
          text: "Failed to test the LDAP connection: Bind operation was unsuccessful",
--- a/frontend/src/pages/organization/UserDetailsByIDPage/components/UserDetailsSection.tsx
+++ b/frontend/src/pages/organization/UserDetailsByIDPage/components/UserDetailsSection.tsx
@@ -7,6 +7,7 @@ import {
  faPencil
 } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { format } from "date-fns";

 import { createNotification } from "@app/components/notifications";
 import { OrgPermissionCan } from "@app/components/permissions";
@@ -159,6 +160,22 @@ export const UserDetailsSection = ({ membershipId, handlePopUpOpen }: Props) =>
            </p>
          </div>
        </div>
+        <div className="mb-4">
+          <p className="text-sm font-semibold text-mineshaft-300">Last Login Auth Method</p>
+          <div className="group flex align-top">
+            <p className="break-all text-sm text-mineshaft-300">
+              {membership.lastLoginAuthMethod || "-"}
+            </p>
+          </div>
+        </div>
+        <div className="mb-4">
+          <p className="text-sm font-semibold text-mineshaft-300">Last Login Time</p>
+          <div className="group flex align-top">
+            <p className="break-all text-sm text-mineshaft-300">
+              {membership.lastLoginTime ? format(membership.lastLoginTime, "PPpp") : "-"}
+            </p>
+          </div>
+        </div>
        <div className="mb-4">
          <p className="text-sm font-semibold text-mineshaft-300">Organization Role</p>
          <p className="text-sm text-mineshaft-300">{roleName ?? "-"}</p>
Author	SHA1	Message	Date
Sheen	fc5d42baf0	Merge pull request #4329 from Infisical/misc/address-ldap-update-and-test-issues misc: address LDAP config update and test issues	2025-08-08 04:51:27 +08:00
Sheen Capadngan	b95c35620a	misc: addressed comments	2025-08-08 04:49:23 +08:00
Akhil Mohan	fa867e5068	Merge pull request #4319 from Infisical/feat/last-logged-auth feat: adds support for last logged in auth method field	2025-08-08 00:45:43 +05:30
x032205	8851faec65	Fix padding	2025-08-07 15:12:37 -04:00
Daniel Hougaard	47fb666dc7	Merge pull request #4320 from Infisical/daniel/vault-migration-path-fix fix: improve vault folders mapping	2025-08-07 22:33:58 +04:00
Sheen Capadngan	569edd2852	misc: addres LDAP config update and test issues	2025-08-07 23:56:52 +08:00
=	8da0a4d846	feat: correction in sizing	2025-08-07 14:16:27 +05:30
=	eebf080e3c	feat: added last login time	2025-08-07 13:37:06 +05:30
x032205	1ad02e2da6	Merge pull request #4324 from Infisical/mssql-ssl-issue-fix servername host for mssql	2025-08-06 21:08:21 -04:00
x032205	e105a5f7da	servername host for mssql	2025-08-06 19:53:13 -04:00
Scott Wilson	72b80e1fd7	Merge pull request #4323 from Infisical/audit-log-error-message-parsing-fix fix(frontend): correctly parse fetch audit log error message	2025-08-06 15:47:25 -07:00
Scott Wilson	6429adfaf6	Merge pull request #4322 from Infisical/audit-log-dropdown-overflow improvement(frontend): update styling and overflow for audit log filter	2025-08-06 15:43:49 -07:00
Scott Wilson	50e40e8bcf	improvement: update styling and overflow for audit log filter	2025-08-06 15:17:55 -07:00
Daniel Hougaard	000dd6c223	Update external-migration-router.ts	2025-08-07 00:43:07 +04:00
Daniel Hougaard	60dc1d1e00	fix: improve vault folders mapping	2025-08-06 19:58:35 +04:00
=	be20a507ac	feat: reptile feedback	2025-08-06 12:30:41 +05:30
=	63cf36c722	fix: updated the migration file issue	2025-08-06 11:59:37 +05:30
=	4dcd3ed06c	feat: adds support for last logged in auth method field	2025-08-06 11:57:43 +05:30
				`@@ -0,0 +1 @@`
				`export { LastLoginSection } from "./LastLoginSection";`