Contact Contact Show All Awards & Recognition
Contact
Show All Awards & Recognition

Single Sign-on (SSO)

reviewed

last reviewed: 26.08.2022

General Tools

Author:

Blackbit

Version

Last updated

Compatible Pimcore Version

>= 5.4

Contact

hilfe@blackbit.de

Issues

hilfe@blackbit.de

1  Reviewer

reviewed on 26.08.2022

Blackbit

Single Sign-on (SSO)

General Tools

Project Summary

Single-sign on plugin for Pimcore. Supports OpenID and LDAP. SAML and OAuth2 coming soon


Readme

Pimcore Single Sign-on

This bundle provides single-sign on support for Pimcore backend login. This allows to maintain user credentials and roles on an external auth provider.

Currently the bundle supports OpenID and LDAP authentication providers. Support for SAML and OAuth2 will come soon.

OpenID is supported by a wide range of applications like

Configuration

Configuration can be done directly in Pimcore backend (no need to edit YAML files): Auth provider configuration

You can add as many auth providers as you want (e.g. if your internal users use a different auth provider as your Pimcore agency).

You can also configure default roles for each authentication provider. Those rules will get applied to newly created users. If an existing user logs in the default roles will not get applied.

Login

Single sign on as an optional login method

For each authentication provider (except for LDAP providers) a new button will be added to Pimcore's login screen: Auth provider configuration

After the user clicks this button, he will get redirected to the authentication provider. There he can log in (or perhaps already is logged in). Afterwards he will get redirected to your Pimcore and logged in. Internally a usual Pimcore user will get created based on the information of the authentication provider (e.g. username, email, roles).

Single sign on as default login method

You can configure one authentication provider to be the default one. When this is done and a not logged-in user accesses https://your-pimcore.com/admin he will automatically get redirected to the authentication provider to login there. Afterwards he will get sent back to Pimcore backend being logged in.

LDAP

For LDAP authentication providers no additional button gets added to the login screen but the normal login form gets used. With those credentials the LDAP provider gets requested and if the credentials are valid, the user gets logged in. Same as for other authentication types internally a usual Pimcore user will get created and the LDAP profile fields get applied ( e.g. username, email).

Review status

reviewed

last reviewed: 26.08.2022

?>

Author:

Blackbit

Version

Last updated

Compatible Pimcore Version

>= 5.4

Contact

hilfe@blackbit.de

Issues

hilfe@blackbit.de

1  Reviewer

reviewed on 26.08.2022

Blackbit