getsentry/sentry-auth-google

Multiple domains auth

Ilya-Kuchaev opened this issue · 14 comments

Hello,

Please add the possibility to log in from multiple domains. Like here https://github.com/educreations/sentry-sso-google

Thanks!

This is definitely something we'd like to do.

In your case are you using multiple Google Business accounts, or simply multiple domains on the same account?

The first option - multiple Google Business accounts, or even regular Gmail addresses.

I think we can support multiple business accounts, though we're never going to allow generic @gmail.com to authenticate as it defeats the purpose of SSO. No commitments on when this will happen, as it's a bit non-trivial.

I see. Let's stay with at least business accounts. It's really a blocker for us. Thank you in advance!

@Ilya-Kuchaev can you confirm that this is discrete business accounts or simply domain aliases? Domain aliases I'm guessing are actually already supported, so I'm assuming the former, and now looking at the code this will definitely be pretty tricky to do. I think we'd have to allow you to add multiple SSO providers.

Alternatively we'd have to add some pretty hairy code which allows you to add multiple domains, but would require that whoever's configuring the second domain have an account with it (thus needing it on both domains). The complexity here is we can only store one identity per user today, which means adding a second domain wouldn't allow you to authenticate as either foo@baz, only your original account which is foo@bar. That might be an ok-ish solution but I see it causing problems down the road.

Yes. We have an internal Sentry instance which handles the staging environments' issues with the configured Google auth. It works like a charm with our company's Google Apps domain, but we have to add some of our clients from the separate Google Apps domain. They receive the invite, but can't log in then.

@Ilya-Kuchaev I think I see the greater issue here. Right now if you have SSO enabled, and you're on-premise, we effectively force you to use SSO login. Given that we offer an option to allow access without an SSO connected account, we need to also allow you to log in with standard credentials on that same screen.

That would be an option. If I could create the account without SSO. Just take a look at GitLab - they can authorize you with GitHub, Google, GitLab, BitBucket, etc., or even with an internal username.

@Ilya-Kuchaev we'll fix the auth issue, but what you're referring to on GitLab is not SSO -- it's purely a shortcut for creating an account. It serves a very different purpose from Sentry's Single Sign On, which is about security and control.

Any news here?

Just for clarity, we're not actively working on this right now. It's something we'd like to improve but given that no paying customers have asked for it we've sidebarred.

Closing this out since we now support multiple domains on the backend (requires updating the DB)

Is this available on sentry.io now (not self-hosted version)? If yes, how do I add a second domain?

@t-anjan it's on both, but for sentry.io you have to contact support@ (include the organization ID and the new domain you need to add, as well as a contact email address with the new domain to verify).