SSO (single sign-on) support
It would be a great addition to support SSO (single sign-on) / OAuth.
This could also be achieved by supporting an authentication proxy as described in this legacy feature request. I think most people would appreciate any kind of external authentication to integrate it in their centralized identity server.
would love this
Keycloak in my case
yes please
Having an authenticating proxy in front of Plausible to deal with it has annoying limitations and complexity, so native SSO is much more preferable.
Also the current user management is relatively impractical… so +1 to this issue.
Hello 👋🏼
My name is Cenk and I am working on Security and Infrastructure at Plausible Analytics.
We can’t provide an exact date for the availability of this feature yet. However, this topic is on our roadmap and we are working on it.
To better understand your requirements, which provider do you want to connect Plausible with?
And are there any specific features you would like to see in this integration?
Feel free to reach out via email to cenk [ät] plausible.io
Hi @Cenk Kücük The first provider i can see is Microsoft Entra ID (Azure AD) via SAML and/or OpenID. It is heavily used in corporations. The second one is maybe AWS Cognito. Thanks a lot !
which provider do you want to connect Plausible with?
Generic OpenID is the best first option. Most serious Identity Providers on the market (selfhosted or SaaS) support that standard.
Then if you really want end-user convenience, you can one-click major providers by adding some hardcoded pre-filling of OpenID configuration inputs under the hood.
are there any specific features you would like to see in this integration?
- Pick a claim name of your choosing to mandate in OpenID tokens, (typically “roles”, assumed hereafter)
- Allow configuring, by site, permissions by token roles (ie then in foo.com’s site settings, I could enter that users with “plausible:read_only:foo.com” as one of their roles get read permissions)
That’s pretty much all I personally want out of it, as most SSOs allow doing the whole dynamic roles thing, and so there’s minimal need for Plausible to support more elaborate integration.