SSO-only mode
Is it possible to disable local user creation/signup (username + password) but still allow creating users through SSO?
Or how are we supposed to handle adding new users using SSO?
We wish to enforce all access using Google SSO and cannot figure out a good way to do this
Right now, if we want new SSO users to login but have disabled public signup, we're stuck on the login screen with errors logs saying public signup is disabled.
If we remove that environment variable, anybody can create a new user using the "Sign up" button.
My view (although it would be different based on different use-cases) are users who login through SSO can be trusted, because these are usually restricted to internal users only in the IDP.
9 Replies
Hi, not possible as of now. What you could do is to enforce sso for your domain (there’s an env for that), or create an issue/PR to disable email/password auth
Thanks for the guidance. Will try enforcing SSO for my domain, and maybe later on implementing the SSO-only feature flag.
Thanks for the PR
Would this solve your need?
https://github.com/langfuse/langfuse/issues/509
GitHub
feat: Allow only SSO account creation · Issue #509 · langfuse/langf...
Describe the feature you'd like to request I would like to allow accounts to be created only through SSO in order to be sure only trusted users have access to langfuse Describe the solution you...
That looks like exactly what we need. I attempted something in this PR, but I may need guidance to validate everything is working as expected, and if I have done the right thing to begin with.
https://github.com/langfuse/langfuse/pull/510
GitHub
feature: SSO Enforced mode by p5 · Pull Request #510 · langfuse/lan...
Creates a flag that disables the use of internal credentials in the case of somebody (e.g. my company) wanting to enforce SSO authentication with an IDP.
This is my first attempt at contributing to...
Will try and rework it to use the
AUTH_ALLOWED_SSO_DOMAINS_ONLY
suggestionWill have a closer look later. Thanks!
Thanks for merging! And sorry for all the changes that were needed
No worries
Happy to have this merged now, released it and added it to the self-hosting docs