SSO / third-party authentication?

Hello there! :wave:

For self-hosted users - and I suppose for others as well - I believe it would be VERY convenient to be able to plug our own authentication provider (Google, LDAP…).

Although many Django-based apps support this rather easily, it seems this is difficult for Kobotoolbox because of the impacts in the form server kobocat, which needs to share the same user management and will in turn have impacts on the client apps.

Still, this might be something we could be ready to develop / sponsor / finance if we get some initial direction.

Would anyone have any suggestions on how this might work?

If not, then the next best thing would be at least a user management API so we could synchronize the users with our systems (even if the passwords obviously won’t be synced).

Thanks for any guidance / background here!

@yjouanique, please be informed that KoBoToolbox is planning to build OpenID Connect integration for the World Bank in 2022 (probably Q1).

The basic plan for SSO (and MFA) is that people using these features would need to create separate data collection users that do not have SSO or MFA enabled. These users could have very limited permissions, i.e. only access to view the blank form and make new submissions, not view any submitted data.

Thanks @Kal_Lam , very interesting and useful to know!

I would agree that data collectors can probably get away with separate users if there’s an easy way to generate them (in batch maybe?)