[Enhancement] Auto user creation for OIDC login and password login deactivation

henrygd / beszel

Lightweight server monitoring hub with historical data, docker stats, and alerts.

MIT License

3.21k stars 101 forks source link

[Enhancement] Auto user creation for OIDC login and password login deactivation #303

Closed maxbrueckl closed 5 days ago

maxbrueckl commented 5 days ago

Right now, users need to be existing to be mapped and logged in via OIDC. It would be helpful to have the option for auto creation of said user on OIDC login request. To be more in line with a Single-sign-on philosophy.

This also opens up the possibility to disable password login for a group of users. This eliminates an attack vector and improves security.

henrygd commented 5 days ago

See #291 for instructions to allow auto user creation for OIDC. I will add an env var for this soonish.

Right now you can disable password login entirely but it cannot be customized to user groups. In the future we'll have MFA for password login as well.

I'll close the issue but let me know if you have questions or run into trouble with this.