
Sujoy

Helping Appsmith Customers Succeed

Appsmith

Integrate SSO with Appsmith for Easy Login

If your company uses Single Sign-On (SSO) for employee logins to internal apps, integrating your SSO provider with Appsmith is a smart move. Appsmith supports both SAML and OIDC authentication methods, compatible with popular providers like Auth0, Okta, Active Directory (a favorite among users), Google Workspace, GitHub Enterprise Cloud, and Ping Identity.

Best Practices for SSO Integration

Based on our experience with various companies, here are some best practices to follow:

  1. Implement SSO for Seamless Authentication: Use SSO to allow employees to access multiple applications with a single set of credentials. Appsmith supports both SAML and OIDC, ensuring compatibility with a wide range of identity providers. For a detailed installation guide, click here.
     
  2. Automate User Provisioning with SCIM: To save time on manually adding or removing user access, use the System for Cross-Domain Identity Management (SCIM). It automates user and group provisioning, significantly reducing manual work. Check out the quick setup steps here. If SCIM isn't an option, manually creating and managing groups based on internal teams is recommended.
     
  3. Assign Roles to Groups: Give specific roles to groups according to their functions (like "Finance Team") to make sure access matches job needs. This follows the principle of least privilege. Appsmith's Granular Access Controls (GAC) make this easy to manage in Admin Settings. Find out how here.
     
  4. Establish Cross-Functional Groups: For roles that need access to multiple areas (such as developers working across different business units), set up cross-functional groups. This helps them access various applications without hassle. Learn how to set this up here.
     
  5. Keep User Groups Updated: For security, always keep user groups current by adding new members and removing those who leave, ideally within 24 hours of their departure. This process can also be automated with SCIM.
     
  6. Update Roles for New Apps: When new applications are introduced to a team, update the group's roles to include access to these new resources. This ensures everyone has immediate access upon the application's launch.
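One way to audit the 24-hour removal window from item 5 when SCIM is not doing the removal automatically. This is an added example, not Appsmith code; the export formats, function name, and sample data are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

REMOVAL_SLA = timedelta(hours=24)  # the 24-hour window from item 5

# Constructed sample data (hypothetical export formats, not Appsmith's API).
DEPARTURES = {  # email -> departure time exported from the HR system or IdP
    "ana@example.com": "2024-07-01T17:00:00+00:00",
    "raj@example.com": "2024-07-03T09:00:00+00:00",
    "Li@Example.com": "2024-06-20T12:00:00+00:00",  # mixed case on purpose
}
GROUP_MEMBERS = {  # group name -> members currently in the group
    "Finance Team": ["ana@example.com", "kim@example.com"],
    "Developers": ["raj@example.com", "li@example.com", "kim@example.com"],
}

def stale_memberships(departures, group_members, now):
    """Return (overdue, pending) lists of (email, group, hours_since_departure)."""
    # Normalize emails so a case mismatch between systems cannot hide a leaver.
    left = {e.strip().lower(): datetime.fromisoformat(t)
            for e, t in departures.items()}
    overdue, pending = [], []
    for group, members in sorted(group_members.items()):
        for member in members:
            email = member.strip().lower()
            departed = left.get(email)
            if departed is None or departed > now:
                continue  # active user, or a departure dated in the future
            age = now - departed
            row = (email, group, round(age.total_seconds() / 3600, 1))
            (overdue if age > REMOVAL_SLA else pending).append(row)
    return overdue, pending

if __name__ == "__main__":
    now = datetime(2024, 7, 3, 18, 0, tzinfo=timezone.utc)  # fixed for the demo
    overdue, pending = stale_memberships(DEPARTURES, GROUP_MEMBERS, now)
    for email, group, hours in overdue:
        print(f"OVERDUE  {email} still in '{group}' {hours}h after departure")
    for email, group, hours in pending:
        print(f"PENDING  {email} still in '{group}' ({hours}h, within window)")
```

Any row in the overdue list is a group membership that outlived the 24-hour window and should be removed and reviewed.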

Have Questions?

Got more on your mind? Drop your questions in the "comments" section below, and I'll get back to you as soon as possible. :)

sparrenberg
Sat, 07/13/2024 - 04:42

Does this work in self-hosted community edition?

Ron Northcutt (staff)
Mon, 07/29/2024 - 10:13

In reply to sparrenberg

The community edition supports:

  • email/pass
  • Google Auth
  • GitHub Auth

SSO is available in the Enterprise edition.