SSO / third-party authentication?

Hello there! :wave:

For self-hosted users - and I suppose for others as well - I believe it would be VERY convenient to be able to plug our own authentication provider (Google, LDAP…).

Although many Django-based apps support this rather easily, it seems this is difficult for Kobotoolbox because of the impacts in the form server kobocat, which needs to share the same user management and will in turn have impacts on the client apps.

Still, this might be something we could be ready to develop / sponsor / finance if we get some initial direction.

Would anyone have any suggestions on how this might work?

If not, then the next best thing would be at least a user management API so we could synchronize the users with our systems (even if the passwords obviously won’t be synced).

Thanks for any guidance / background here!

@yjouanique, please be informed that KoBoToolbox is planning to build OpenID Connect integration for the World Bank in 2022 (probably Q1).

The basic plan for SSO (and MFA) is that people using these features would need to create separate data collection users that do not have SSO or MFA enabled. These users could have very limited permissions, i.e. only access to view the blank form and make new submissions, not view any submitted data.

Thanks @Kal_Lam , very interesting and useful to know!

I would agree that data collectors can probably get away with separate users if there’s an easy way to generate them (in batch maybe?)

Hello, I just come here to have some news regarding this topic. Is the feature still planned to be implemented ?

1 Like

Welcome to the community, @phardy! It’s a work-on-progress feature and will be live soon.

2 Likes

hi @Kal_Lam,

I’d also be very interested to get more information on the SSO feature developed.

1 Like

Hello there @Kal_Lam would you have a more precise roadmap to share for this SSO feature?

Welcome back to the community, @yjouanique! FYR, you could follow this road map …

Hello @Kal_Lam would you have any updates on this front? It doesn’t look like the functionality is available yet?

Thanks!

Greetings,

Is SSO / Google Sign In now available?

Thank you.

Well, according to the code, it seems this is now supported…

Unfortunately I don’t think it has ever been announced or documented (?)…

@Kal_Lam I’m not sure if you can point us to some docs - the configuration seems easy to reverse-engineer from the code, but such an important feature would really deserve documentation in my opinion, since I imagine most self-hosters will be interested…

@levi, @yjouanique, yes, MFA is available with KoboToolbox (but limited to subscribed users only).

This is not about MFA, but about SSO with social logins…

Hi everyone,
Did anybody manage to leverage a third-party OAuth 2.0 authentication service to implement SSO?
Any example would be much appreciated.
Thanks!