Implement OpenID Apps(SSO) #1897

Open
Zekhap opened this issue Apr 27, 2024 · 4 comments

Zekhap commented Apr 27, 2024

So to make Netbird perfect I would love if you could implement:
- OpenID apps
- YubiKeys

Not sure if you could add some permissions for the apps.

Since there are already groups (love it).
Maybe it is possible to give permission to that group to be able to use the OpenID app (SSO).

Would love this feature, Thanks :)

taylorwilsdon commented Apr 29, 2024

You can already use OpenID Connect today! Check out the docs here, you can implement any generic OIDC provider or use an IdP specific option like Okta, Google, Zitadel etc - in my case, we're implementing support for Yubikey at the Okta layer, not the Netbird application.

Zekhap commented Apr 29, 2024

That is true tho. I've seen it in the docs before.
But I just didn't want to rely on another UI and wanted to have everything in a single place instead of using multiple websites.
It would feel way better also using it on the same UI.

@taylorwilsdon

I am fairly certain everything you want is already available out of the box. You can map groups from the OIDC claim to Netbird for automatic assignment. To implement OIDC/OpenID you need an OpenID provider/authorization server. Unless I'm misunderstanding what you're suggesting, it sounds like you want that to be built into Netbird? That would be a very unusual design and not something I've ever encountered in the wild - there is no benefit to running an IdP attached to a single piece of software, as that negates all the benefits of single sign on conceptually (it's not single sign on, your users and auth are local to the individual app in that scenario and you have to run additional infrastructure to facilitate a process that's already possible without the added layer).

If you want to roll your own IdP, check out Authentik - there is native support for it in Netbird and the link there will show you how to map groups.

@Zekhap
Copy link
Author

Zekhap commented Apr 30, 2024

Oh yeah, kinda unusual actually. But right now I'm using Deguard for my stuff and they had that actually added in their program. But I wanted to change VPN since it didn't have that good permission/groups you guys have.

"To implement OIDC/OpenID you need an OpenID provider/authorization server"
Yes, that is correct. Just asked if it was like possible to have that integrated into Netbird. (Just don't like using like multiple websites.) But it wouldn't hurt to add more stuff, right?

"there is no benefit to running an IdP attached to a single piece of software, as that negates all the benefits of single sign on conceptually (it's not single sign on, your users and auth are local to the individual app in that scenario and you have to run additional infrastructure to facilitate a process that's already possible without the added layer)"
Yes, that SSO that is integrated right now wouldn't work, I think.
