For self-hosted users - and I suppose for others as well - I believe it would be VERY convenient to be able to plug our own authentication provider (Google, LDAP…).
Although many Django-based apps support this rather easily, it seems this is difficult for Kobotoolbox because of the impacts in the form server kobocat, which needs to share the same user management and will in turn have impacts on the client apps.
Still, this might be something we could be ready to develop / sponsor / finance if we get some initial direction.
Would anyone have any suggestions on how this might work?
If not, then the next best thing would be at least a user management API so we could synchronize the users with our systems (even if the passwords obviously won’t be synced).
@yjouanique, please be informed that KoBoToolbox is planning to build OpenID Connect integration for the World Bank in 2022 (probably Q1).
The basic plan for SSO (and MFA) is that people using these features would need to create separate data collection users that do not have SSO or MFA enabled. These users could have very limited permissions, i.e. only access to view the blank form and make new submissions, not view any submitted data.
Well, according to the code, it seems this is now supported…
Unfortunately I don’t think it has ever been announced or documented (?)…
@Kal_Lam I’m not sure if you can point us to some docs - the configuration seems easy to reverse-engineer from the code, but such an important feature would really deserve documentation in my opinion, since I imagine most self-hosters will be interested…
Hi everyone,
Did anybody manage to leverage a third-party OAuth 2.0 authentication service to implement SSO?
Any example would be much appreciated.
Thanks!
I confirm we also have a working setup using the open-source self-hosted flavour.
I can get my team to post some guidance for the setup, but from what I remember it’s the fairly typical Django SSO…