---
# playbooks/enforce_access_identity.yml
# Enforces access, SSO, and MFA policies
- name: Enforce access and identity policies
  hosts: all
  gather_facts: false
  tasks:
    - name: Remind to use Authentik SSO for all services
      ansible.builtin.debug:
        msg: "[Reminder] All new services must integrate with Authentik SSO."

    - name: Remind to enforce MFA and strong passwords
      ansible.builtin.debug:
        msg: "[Reminder] MFA required for all admin/operator accounts. Use password vaults."