mirror of
https://github.com/inventree/inventree-docs.git
synced 2025-06-17 04:35:36 +00:00
_includes
docs
admin
SSO.md
admin.md
email.md
export.md
import.md
logs.md
permissions.md
settings.md
shell.md
tasks.md
app
assets
build
companies
extend
javascripts
part
releases
report
start
stock
stylesheets
webfonts
contribute.md
credits.md
faq.md
features.md
hooks.py
index.md
upcoming.md
.gitignore
LICENSE
README.md
main.py
mkdocs.yml
readthedocs.yml
requirements.txt
26 lines
1.2 KiB
Markdown
26 lines
1.2 KiB
Markdown
---
|
|
title: InvenTree Single Sign On
|
|
---
|
|
|
|
## Single Sign On
|
|
|
|
InvenTree provides the possibility to use 3rd party services to authenticate users. This functionality makes use of [django-allauth](https://django-allauth.readthedocs.io/en/latest/) and supports a wide array of OpenID and OAuth [provider](https://django-allauth.readthedocs.io/en/latest/providers.html).
|
|
|
|
### Configuration
|
|
|
|
To use SSO you have to:
|
|
1. Enable the needed providers in the [config file](../start/config.md#Single-Sign-on).
|
|
1. Add the required client configurations in the `SocialApp` app in the [admin interface](../admin/admin.md).
|
|
1. Enable SSO for the users in the [dynamic settings](../admin/settings.md).
|
|
|
|
### Security Consideration
|
|
|
|
You should use SSL for your website if you want to use this feature. Also set your callback-endpoints to `https://` addresses to reduce the risk of leaking user's tokens.
|
|
|
|
Tokens for authenticating the users to the providers they registered with are saved in the database.
|
|
So ensure your database is protected and not open to the internet.
|
|
Make sure all users with admin privileges have sufficient passwords - they can read out your client configurations with providers and all auth-tokens from users.
|
|
|
|
Never share your installs secret key!
|
|
|