|Category: GLPI Network|
SubjectSetup oauth (SSO) authentication
In this article, we will see how to to setup oauth (SSO) authentication to allows automatic authentication and import users from external services.
Currently connects via:
Plugin Oauthsso Installation
This plugin is available on the Marketplace in your GLPI Network Ckoud Instance.
This plugin uses the External authentications feature of GLPI. To be functionnal, it needs to be configured.
Users who want authenticate will not be known by GLPI, so it's could be interesting to setup some fields to create them with a little bit of information.
The field "Remove the domain of logins like login@domain" must be set to "No" to avoid illegitimate authentications !
For Google suite, if you have an email like
Now, you need to enable Automatically add users from an external authentication source
Oauth SSO authentication configuration
Now, the plugin is ready to use.
The fields to be completed may change depending the provider !
When the provider is enabled, you will see the new GLPI login page !
Authorizations assignment rules
Most of the time, you will need to establish some rules to manage users after authentication, especially Authorizations assignment rules.
To create rules for users, you will need to go in Administration > Rules > Authorizations assignment rules menu.
There is no mandatory rules, you could create all rules you want to meets your need.
For example: I need to assign Self-Service Profile on my users.
Remember that we enabled an option above to avoid illegitimate authentication ! This parameter, in practice, will keep the domain in the User ID field. The users will therefore be registered in GLPI like this: login@mydomain.
This can therefore become a criteria of my rule because @mydomain is a common denominator of all my users.
Now, i can establish an action formy rule. Here, i want to assign Self-Service profile.
This provider requires to enable Google+ API before providing any user details (like given name or emails)
Google oauth service also supports multiple emails in their response.
Candidates for future providers
Created on 2020-02-18 15:58
Last update on 2021-04-08 11:09
This item is part of the FAQ