This plugin can provide single sign-on.
You will be able to log in to the administration screen using your Google account or Cognito User Pool or Azure.
Currently supports Cognito user pool and Google accounts.
Please read the documents for some precautions.
This plugin is developed by one engineer. If possible, consider using the Gold Plan features.
yarn add strapi-plugin-ssoor
npm i strapi-plugin-sso- Strapi Version4
- strapi-plugin-sso
- Google Account or AWS Cognito UserPool
// config/plugins.js
module.exports = ({env}) => ({
'strapi-plugin-sso': {
enabled: true,
config: {
// Google
GOOGLE_OAUTH_CLIENT_ID: '[Client ID created in GCP]',
GOOGLE_OAUTH_CLIENT_SECRET: '[Client Secret created in GCP]',
GOOGLE_OAUTH_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/google/callback', // URI after successful login
GOOGLE_ALIAS: '', // Gmail Aliases
GOOGLE_GSUITE_HD: '', // G Suite Primary Domain
// Cognito
COGNITO_OAUTH_CLIENT_ID: '[Client ID created in AWS Cognito]',
COGNITO_OAUTH_CLIENT_SECRET: '[Client Secret created in AWS Cognito]',
COGNITO_OAUTH_DOMAIN: '[OAuth Domain created in AWS Cognito]',
COGNITO_OAUTH_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/cognito/callback', // // URI after successful login
COGNITO_OAUTH_REGION: 'ap-northeast-1', // AWS Cognito Region
// AzureAD
AZUREAD_OAUTH_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/azuread/callback',
AZUREAD_TENANT_ID: '[Tenant ID created in AzureAD]',
AZUREAD_OAUTH_CLIENT_ID: '[Client ID created in AzureAD]', // [Application (client) ID]
AZUREAD_OAUTH_CLIENT_SECRET: '[Client Secret created in AzureAD]',
AZUREAD_SCOPE: 'user.read', // https://learn.microsoft.com/en-us/graph/permissions-reference
}
}
})- ✅ NodeJS <= 18.x
- Strapi 4.1.7 or higher
Google Single Sign On Specifications
Google Single Sign-On Specifications
Cognito Single Sign-On Specifications
TODO AzureAD Single Sign On Setup
