Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC: allow admins to to log in via SSO #5916

Open
Shuttleu opened this issue Jun 20, 2024 · 1 comment
Open

OIDC: allow admins to to log in via SSO #5916

Shuttleu opened this issue Jun 20, 2024 · 1 comment
Labels
enhancement

Comments

@Shuttleu
Copy link

Summary

It would be nice to allow system admins to authenticate via an idp instead of just a username and password to help with access management when a user leaves the organisation. Maybe via a group claim or set specific mailbox users to be system administrators?

Motivation

By implimenting this, it would allow organisations to give/remove someone admin access from a single location. It would also mean when they disable their idp account, they wouldn't need to worry about forgetting to disable access from within mailcow.

Additional context

No response
@johann1525
Copy link

I agree. Users should be fetched from one or more (internal/external) IdP. And authorization should be configured in one place via the mailcow admin. Group claim to set permissions would be very good.

I successfully run a beta instance with Keycloak as an external IdP for a while now. It is working really good so far. Except SoGO not offering a logout button to the user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Shuttleu @johann1525