[GH-ISSUE #1193] Implement Single Sign-On (SSO) Authentication with Azure Active Directory, GitHub, and Google #736

Closed
opened 2026-02-22 18:21:05 -05:00 by yindo · 16 comments
Owner

Originally created by @bulik0071 on GitHub (Apr 26, 2024).
Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/1193

What would you like to see?

I would like to suggest a new feature for the implementation of Single Sign-On (SSO) authentication using Azure Active Directory, GitHub, and Google. This feature would enhance security and streamline the login process by allowing users to authenticate through these widely-used platforms.

Why it would be useful:

  • Enhanced Security: Leveraging the security features of Azure AD, GitHub, and Google can help secure the authentication process.
  • User Convenience: Users can sign in with their existing accounts without needing to remember additional passwords.
  • Increased Adoption: Easier access might encourage more users to try out and continue using the platform.

This feature could potentially lead to higher user satisfaction and streamline workflows by reducing the barriers to entry. I believe that integrating SSO with these services would make a significant positive impact on the user experience.

Originally created by @bulik0071 on GitHub (Apr 26, 2024). Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/1193 ### What would you like to see? I would like to suggest a new feature for the implementation of Single Sign-On (SSO) authentication using Azure Active Directory, GitHub, and Google. This feature would enhance security and streamline the login process by allowing users to authenticate through these widely-used platforms. Why it would be useful: - Enhanced Security: Leveraging the security features of Azure AD, GitHub, and Google can help secure the authentication process. - User Convenience: Users can sign in with their existing accounts without needing to remember additional passwords. - Increased Adoption: Easier access might encourage more users to try out and continue using the platform. This feature could potentially lead to higher user satisfaction and streamline workflows by reducing the barriers to entry. I believe that integrating SSO with these services would make a significant positive impact on the user experience.
yindo added the enhancementfeature request labels 2026-02-22 18:21:05 -05:00
yindo closed this issue 2026-02-22 18:21:05 -05:00
Author
Owner

@cope commented on GitHub (May 10, 2024):

This would be awesome!

@cope commented on GitHub (May 10, 2024): This would be awesome!
Author
Owner

@CultusMechanicus commented on GitHub (May 16, 2024):

Could we also keep a generic "read user from an Auth header" on the radar, as that would open up using basically any third party auth system. For instance, I have Open WebUI header-authenticating via a Cloudflare Access worker tied to Discord and GitHub.

@CultusMechanicus commented on GitHub (May 16, 2024): Could we also keep a generic "read user from an Auth header" on the radar, as that would open up using basically any third party auth system. For instance, I have Open WebUI header-authenticating via a Cloudflare Access worker tied to Discord and GitHub.
Author
Owner

@IamTaoChen commented on GitHub (May 21, 2024):

I use Keycloak. it's better to support generic OIDC.

@IamTaoChen commented on GitHub (May 21, 2024): I use Keycloak. it's better to support generic OIDC.
Author
Owner

@ozoromo commented on GitHub (Jun 12, 2024):

+1 on this feature, would make adoption into pre-existing environments much easier and make it easier for companies to use

@ozoromo commented on GitHub (Jun 12, 2024): +1 on this feature, would make adoption into pre-existing environments much easier and make it easier for companies to use
Author
Owner

@derkoe commented on GitHub (Jun 20, 2024):

I think using https://authjs.dev/getting-started/installation?framework=express might be the best solution since it supports multiple auth methods. The library used in #1326 only supports Google.

@derkoe commented on GitHub (Jun 20, 2024): I think using https://authjs.dev/getting-started/installation?framework=express might be the best solution since it supports multiple auth methods. The library used in #1326 only supports Google.
Author
Owner

@vipr0105 commented on GitHub (Jun 20, 2024):

+1, at times majority of documents sit in O365 and SSO/AD integration shall make things more simpler. We could call those documents directly into LLM, by automating the complete process instead of manually feeding via GUI.

@vipr0105 commented on GitHub (Jun 20, 2024): +1, at times majority of documents sit in O365 and SSO/AD integration shall make things more simpler. We could call those documents directly into LLM, by automating the complete process instead of manually feeding via GUI.
Author
Owner

@bmkor commented on GitHub (Jul 2, 2024):

+1 Could also include LDAP auth which is commonly used in company environment.

@bmkor commented on GitHub (Jul 2, 2024): +1 Could also include LDAP auth which is commonly used in company environment.
Author
Owner

@SeaDude commented on GitHub (Jul 8, 2024):

Has this enhancement been started yet? If so, where can I follow / maybe contribute to its progress?

@SeaDude commented on GitHub (Jul 8, 2024): Has this enhancement been started yet? If so, where can I follow / maybe contribute to its progress?
Author
Owner

@jlmatus commented on GitHub (Jul 22, 2024):

There's a PR from May that started implementing this (at least using google), but it hasn't been reviewed yet:
https://github.com/Mintplex-Labs/anything-llm/pull/1326

@jlmatus commented on GitHub (Jul 22, 2024): There's a PR from May that started implementing this (at least using google), but it hasn't been reviewed yet: https://github.com/Mintplex-Labs/anything-llm/pull/1326
Author
Owner

@sheneman commented on GitHub (Aug 9, 2024):

I just wanted to add that integrating Single Sign-On (SSO) with third-party authentication providers and OpenID Connect (OIDC) would greatly facilitate deploying this tool across our enterprise. In our case, we use OAuth and Azure Active Directory for authentication, along with Duo for multi-factor authentication (MFA).

I would personally love to see this feature request given a very high priority.

@sheneman commented on GitHub (Aug 9, 2024): I just wanted to add that integrating Single Sign-On (SSO) with third-party authentication providers and OpenID Connect (OIDC) would greatly facilitate deploying this tool across our enterprise. In our case, we use OAuth and Azure Active Directory for authentication, along with Duo for multi-factor authentication (MFA). I would personally love to see this feature request given a very high priority.
Author
Owner

@chkrause commented on GitHub (Sep 18, 2024):

Are there any updates available? When will the integration with authorisation providers available?

@chkrause commented on GitHub (Sep 18, 2024): Are there any updates available? When will the integration with authorisation providers available?
Author
Owner

@SeaDude commented on GitHub (Sep 18, 2024):

It would be HUGE to also implement Azure EntraID login to the DESKTOP app too.

The requirement to add an API key to use Azure Open AI is a blocker for many orgs.

(Of course the Docker image can be deployed centrally, but that in-turn introduces complexity.)

Imagine a world where enterprise users download a pre-vetted version of the AnythingLLM desktop app from the org's download center, login with their credentials, and now have access to the orgs Azure OpenAI.

That would basically be Enterprise ChatGPT...

@SeaDude commented on GitHub (Sep 18, 2024): It would be HUGE to also implement Azure EntraID login to the DESKTOP app too. The requirement to add an API key to use Azure Open AI is a blocker for many orgs. (Of course the Docker image can be deployed centrally, but that in-turn introduces complexity.) Imagine a world where enterprise users download a pre-vetted version of the AnythingLLM desktop app from the org's download center, login with their credentials, and now have access to the orgs Azure OpenAI. That would basically be Enterprise ChatGPT...
Author
Owner

@scooter7 commented on GitHub (Sep 19, 2024):

Hi, I'm also curious about this feature. It is the only thing I need before being able to implement AnythingLLM across my organization. Thanks!

@scooter7 commented on GitHub (Sep 19, 2024): Hi, I'm also curious about this feature. It is the only thing I need before being able to implement AnythingLLM across my organization. Thanks!
Author
Owner

@phosjlusky commented on GitHub (Nov 21, 2024):

I'd love to see built-in SAML support, A decent alternative would be header-based authentication so that I can authenticate in a proxy. Google

@phosjlusky commented on GitHub (Nov 21, 2024): I'd love to see built-in SAML support, A decent alternative would be header-based authentication so that I can authenticate in a proxy. Google
Author
Owner

@dpcahill commented on GitHub (Dec 16, 2024):

+1 Please SAML integration. Especially for MS Entra.

@dpcahill commented on GitHub (Dec 16, 2024): +1 Please SAML integration. Especially for MS Entra.
Author
Owner

@timothycarambat commented on GitHub (Jan 3, 2025):

Because there are limitless ways someone or an organization might want to manage access for SAML/SSO and, on top of that, even more specific flows and set ups, we have instead made a configuration you can enable SIMPLE_SSO, which allows you to generate a short-lived token URL that you can provision and redirect the user to that will log them into AnythingLLM automatically.

Now, you can build your own middleware that works with your specific process, provider, and UI/UX and on successful authentication pass the user the URL to be redirected to and have them be fully authenticated seamlessly.

Adding support for one provider means we need to add support for many many others and also the nuance of how people do authentication and frankly maintaining SSO will require so much bandwidth which is a distraction to the core proposition of this repo.

Now it is possible and fully flexible to whatever or however you want that flow to work.

@timothycarambat commented on GitHub (Jan 3, 2025): Because there are limitless ways someone or an organization might want to manage access for SAML/SSO and, on top of that, even more specific flows and set ups, we have instead made a configuration you can enable [SIMPLE_SSO](https://docs.anythingllm.com/configuration#simple-sso-passthrough), which allows you to generate a short-lived token URL that you can provision and redirect the user to that will log them into AnythingLLM automatically. Now, you can build your own middleware that works with your specific process, provider, and UI/UX and on successful authentication pass the user the URL to be redirected to and have them be fully authenticated seamlessly. Adding support for one provider means we need to add support for many many others and also the nuance of how people do authentication and frankly maintaining SSO will require so much bandwidth which is a distraction to the core proposition of this repo. Now it is possible and fully flexible to whatever or however you want that flow to work.
yindo changed title from Implement Single Sign-On (SSO) Authentication with Azure Active Directory, GitHub, and Google to [GH-ISSUE #1193] Implement Single Sign-On (SSO) Authentication with Azure Active Directory, GitHub, and Google 2026-06-05 14:36:55 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#736