tolgee-platform
Add SSO feature to Cloud and Self-hosted
For larger companies, SSO login is a must-have both on Cloud and self-hosted instances. This feature will be included in enterprise plans.
- [x] Explore the industry standard of SSO login
- [x] Implement the SSO login compatible with most popular providers
- [ ] Google, Microsoft, KeyCloak, CloudFlare, Custom, Okta
- [x] Enable custom configuration for the logos and UI stuff
Analysis
- [x] Analyze what standards are used by the providers above and list them here
- [x] Prepare proof of concept of Authentication using each standard
For self-hosted instances
Currently, on self-hosted instances, you can set up your own oAuth provider, but the standard login form is still there.
- [x] When native login is disabled, remove the login form & sign up form
- [x] Enable custom logo & button text in server configuration properties
For cloud
- [x] Enable SSO configuration on the organization
- [x] Under the standard login form on Cloud, there should be an `SSO login` button. After clicking the button, the user will be asked for a domain. If the domain is found, the user will be redirected to the provided authentication service and follow a similar process as we currently do for Github, Google or oAuth
Other requirements
- [ ] As this is an enterprise feature, everything has to be implemented in ee directories.
Related issues
- [ ] https://github.com/tolgee/tolgee-platform/issues/1960
We use Okta and would benefit from this
The server configuration page already shows google, github and generic oauth, but I was wondering why it wasn't working. I guess it's not shipped yet, right?
@cupcakearmy It works, but only on self-hosted instances without the ability to hide native form or change the logo or text on the button.
Interesting, then maybe I'm doing something wrong? This is the config I have right now.
```yaml
tolgee:
  authentication:
    create-demo-for-initial-user: false
    enabled: true
    registrations-allowed: true
    user-can-create-organizations: true
    initial-password: ***
    initial-username: ***
    google:
      client-id: ***
      client-secret: ***
      workspace-domain: ***
  content-delivery:
    public-url-prefix: ***
    storage:
      s3:
        access-key: ***
        secret-key: ***
        bucket-name: ***
        endpoint: ***
        signing-region: ***
```
@cupcakearmy Can you please open a separate issue for this? It's unrelated to this thread. In the issue, please describe what you are actually trying to achieve! Thanks!