SAML2 authentication

Let users log into Odoo via an SAML2 identity provider.

This module allows to deport the management of users and passwords in an external authentication system to provide SSO functionality (Single Sign On) between Odoo and other applications of your ecosystem.

Benefits

Reducing the time spent typing different passwords for different accounts.
Reducing the time spent in IT support for password oversights.
Centralizing authentication systems.
Securing all input levels / exit / access to multiple systems without prompting users.
The centralization of access control information for compliance testing to different standards.

Installation

Install as you would install any Odoo addon.

Dependencies

This addon requires pysaml2 and xmlsec1.

Configuration

To use this module, you need an IDP server, properly set up.

Configure the module according to your IdP’s instructions (Settings > Users & Companies > SAML Providers).
Pre-create your users and set the SAML information against the user.

By default, the module let users have both a password and SAML ids. To increase security, disable passwords by using the option in Settings. Note that the admin account can still have a password, even if the option is activated.

If all the users have a SAML id in a single provider, you can set automatic redirection in the provider settings. It is still possible to access the login without redirection by using the query parameter disable_autoredirect, as in https://example.com/web/login?disable_autoredirect= The login is also displayed if there is an error with SAML login, in order to display any error message.

Usage

Users can login with the configured SAML IdP with buttons added in the login screen.

Demo

Known issues / Roadmap

None for now.

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us smash it by providing a detailed and welcomed feedback here.

Credits

Contributors

In order of appearance:

Florent Aide, <florent.aide@xcg-consulting.fr>

Vincent Hatakeyama, <vincent.hatakeyama@xcg-consulting.fr>

Alexandre Brun, <alexandre.brun@xcg-consulting.fr>

Jeremy Co Kim Len, <jeremy.cokimlen@vinci-concessions.com>

Houzéfa Abbasbhay <houzefa.abba@xcg-consulting.fr>

Bhavesh Odedra <bodedra@opensourceintegrators.com>

Maintainer

This module is maintained by the OCA.

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

To contribute to this module, please visit http://odoo-community.org.