Implement OpenID Apps(SSO) #1897
Comments
You can already use OpenID Connect today! Check out the docs here, you can implement any generic OIDC provider or use an IdP specific option like Okta, Google, Zitadel etc. - in my case, we're implementing support for Yubikey at the Okta layer, not the Netbird application.
That is true tho. I've seen it in the docs before.
I am fairly certain everything you want is already available out of the box. You can map groups from the OIDC claim to Netbird for automatic assignment. To implement OIDC/OpenID you need an OpenID provider/authorization server, unless I'm misunderstanding what you're suggesting, it sounds like you want that to be built into Netbird? That would be a very unusual design and not something I've ever encountered in the wild - there is no benefit to running an IdP attached to a single piece of software, as that negates all the benefits of single sign on conceptually (it's not single sign on, your users and auth are local to the individual app in that scenario and you have to run additional infrastructure to facilitate a process that's already possible without the added layer). If you want to roll your own IdP, check out Authentik - there is native support for it in Netbird and the link there will show you how to map groups.
Oh yeah, kinda unusual actually. But right now I'm using Deguard for my stuff and they had that actually added in their program. But I wanted to change VPN since it didn't have that good permission/groups you guys have. "To implement OIDC/OpenID you need an OpenID provider/authorization server" "there is no benefit to running an IdP attached to a single piece of software, as that negates all the benefits of single sign on conceptually (it's not single sign on, your users and auth are local to the individual app in that scenario and you have to run additional infrastructure to facilitate a process that's already possible without the added layer)"
So to make Netbird perfect I would love if you could implement
OpenID apps
YubiKeys
Not sure if you could add some permissions for the apps.
Since there are already groups (love it).
Maybe it is possible to give permission to that group to be able to use the OpenID app (SSO).
Would love this feature, Thanks :)