BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License

Google workspace group / role sync #5133

Open CdrMarks opened 2 months ago

CdrMarks commented 2 months ago

Describe the feature you'd like

I would like a way to map a Google workspace group to a BookStack role to automate users being assigned certain roles.

No need for a UI for this. An array in my functions.php file to map groups to roles would be sufficient.

Describe the benefits this would bring to existing BookStack users

In Google workspace, I have configured users to be members of certain groups. This integration would allow me to define user/group membership once in Google and see that rolled out to BookStack.

Can the goal of this request already be achieved via other means?

It might be possible using the logical theme system and the APP_BOOT event by monitoring the callback payload, but I am not familiar with what the payload contains.

Have you searched for an existing open/closed issue?

How long have you been using BookStack?

Under 3 months

Additional context

No response

ssddanbrown commented 2 months ago

Hi @CdrMarks,

Just to help me understand better, are you using Google workspace for authentication? If so, what authentication method/option are you using for this?

CdrMarks commented 2 months ago

I am using the Social / Third Party method for authentication.

ssddanbrown commented 2 months ago

@CdrMarks Do you intend all users to use (or have access to) this Google workspace auth option? (Are all your BookStack users part of the Google workspace?)

CdrMarks commented 2 months ago

No, I do not (they are not).

My current plan was to have employees login with Google and non-employee contractors login using an email address and password.

If all of my users did have an account within my Google workspace, what option(s) might be available?

ssddanbrown commented 2 months ago

> If all of my users did have an account within my Google workspace, what option(s) might be available?

You could instead use OIDC/SAML which can provide a nicer single-sign-on experience while having support for group/role sync with the auth system (can't remember which Google supports groups with, but pretty sure it provides groups via SAML and/or OIDC).

Otherwise, I'm really not keen on extending out group sync support to our third party auth options officially within the core app.

Using the logical theme system it might be possible to watch for login events via Google, then use Google APIs to look up the user details, then get their group detail to then manually sync with BookStack roles.
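The approach sketched in the comment above (and the `functions.php` idea from the original request) can be expressed as a logical-theme hook. The following is an added example written for this thread, not code from BookStack or from either participant. It assumes, without confirmation from the thread, that the theme system's `AUTH_LOGIN` event passes `($authSystem, $user)`, that social logins report `$authSystem === 'google'`, and that the `Role` model lives in `BookStack\Users\Models` (older versions place it elsewhere). The Google Directory lookup is a hypothetical placeholder (`fetchGoogleGroupsForUser`) that the operator must implement; the group-to-role mapping and the role sync logic are complete.

```php
<?php
// functions.php of a custom BookStack logical theme (added example, not BookStack's own code).
// Assumptions (not confirmed by the issue thread): AUTH_LOGIN passes ($authSystem, $user),
// social logins report $authSystem === 'google', and Role lives in BookStack\Users\Models.
use BookStack\Facades\Theme;
use BookStack\Theming\ThemeEvents;
use BookStack\Users\Models\Role;
use BookStack\Users\Models\User;
use Illuminate\Support\Facades\Log;

// Google group email address => BookStack role display name (constructed sample mapping).
const GOOGLE_GROUP_ROLE_MAP = [
    'docs-editors@example.com' => 'Editor',
    'docs-viewers@example.com' => 'Viewer',
];

/**
 * Pure mapping step: given the group emails a user belongs to, return the distinct
 * role display names the mapping entitles them to. Unmapped groups are ignored.
 */
function groupsToRoleNames(array $groupEmails, array $map): array
{
    $roles = [];
    foreach ($groupEmails as $email) {
        $key = strtolower(trim($email));
        if (isset($map[$key])) {
            $roles[$map[$key]] = true;
        }
    }
    return array_keys($roles);
}

/**
 * Hypothetical placeholder: look up the Google groups of a user via the Admin SDK
 * Directory API (groups.list with userKey=<email>) using a service account and
 * return their email addresses. Not implemented here.
 */
function fetchGoogleGroupsForUser(string $email): array
{
    throw new RuntimeException('Implement the Google Directory API lookup here');
}

/**
 * Apply the entitlement to the user's roles. Only roles that appear in the mapping are
 * managed: they are added when entitled and removed when no longer entitled. Roles
 * assigned by hand (e.g. Admin) are never touched by this sync.
 */
function syncMappedRoles(User $user, array $entitledRoleNames, array $map): void
{
    $managedNames = array_values(array_unique($map));
    // display_name => id for every role the mapping can grant
    $managedIds = Role::query()->whereIn('display_name', $managedNames)->pluck('id', 'display_name');

    $wantedIds = [];
    foreach ($entitledRoleNames as $name) {
        if (isset($managedIds[$name])) {
            $wantedIds[] = $managedIds[$name];
        }
    }

    // Revoke managed roles the user no longer qualifies for, then grant the wanted ones.
    $user->roles()->detach(array_diff($managedIds->all(), $wantedIds));
    $user->roles()->syncWithoutDetaching($wantedIds);
}

Theme::listen(ThemeEvents::AUTH_LOGIN, function (string $authSystem, User $user) {
    if ($authSystem !== 'google') {
        return; // contractors using email/password are not subject to group sync
    }
    try {
        $groups = fetchGoogleGroupsForUser($user->email);
    } catch (Throwable $e) {
        // Fail safe: a lookup failure leaves existing roles as they are rather than guessing.
        Log::warning("Google group sync skipped for {$user->email}: " . $e->getMessage());
        return;
    }
    syncMappedRoles($user, groupsToRoleNames($groups, GOOGLE_GROUP_ROLE_MAP), GOOGLE_GROUP_ROLE_MAP);
});
```

Two design points matter because the mapping decides privilege. First, the sync only manages roles named in the map, so a role granted manually in the BookStack UI survives a login and the mapping cannot be used to silently strip it. Second, the hook skips the sync when the Google lookup fails instead of treating "no groups" as the answer; a transient API error would otherwise revoke every mapped role on the next login. An operator who prefers fail-closed behaviour can instead call `syncMappedRoles` with an empty entitlement list in the catch branch.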

CdrMarks commented 2 months ago

I'll give OIDC and SAML a look. I had looked at those pages before implementing the Third Party option, but didn't see Google explicitly mentioned, so I wasn't aware OIDC/SAML might work too. If I'm able to get basic authentication working using one of those options, I'll open a PR to add to the docs.

ssddanbrown commented 2 months ago

> I'll open a PR to add to the docs.

I've just updated the site so that the Google third-party auth docs now show a notice about other options. SAML2 looks best suited since Google is limited with group data over standard OIDC.

Otherwise, thanks for the offer of adding to the docs but I avoid adding vendor/service specific guidance to our docs since it's a pain to maintain. I instead prefer to do videos if it's a common scenario, since videos are not expected to be maintained to the same level, and are a snapshot in time.