User SSO (google) or bulk add users?

Questions, comments, discussions. Over time certain topics might be moved to their own category.
Post Reply
egradman
Posts: 3
Joined: Thu Dec 05, 2019 9:11 pm

User SSO (google) or bulk add users?

Post by egradman »

This project is great, and I'm looking forward to rolling it out in my organization. I have it running well in a Kubernetes cluster.

I have a lot of users, and I don't want to add them all manually.

Ideally I could authenticate against Google single sign-on (GSuite), with users being created as they log in for the first time. Barring that, I'd be happy if there was some interface to add users in bulk and add them to an initial group.

Is there a REST API, a python script, or even a database table where I should look to create users in bulk? I'm perfectly happy tinkering under the hood (Python, pgsql, and docker are very familiar) but I want to make sure I'm going about the right way.

Thanks for an excellent project!

User avatar
rosarior
Developer
Developer
Posts: 494
Joined: Tue Aug 21, 2018 3:28 am
Location: Puerto Rico
Contact:

Re: User SSO (google) or bulk add users?

Post by rosarior »

No Google or SSO integration but there is a REST API.

A POST requests to the /users endpoint is all that is required.

The book provides examples and details all the endpoints and schemas.

There is also some basic examples in the documentation's REST API chapter: https://docs.mayan-edms.com/chapters/rest_api.html
Attachments
2019-12-05_19-46.png
2019-12-05_19-46.png (79.23 KiB) Viewed 408 times

User avatar
rssfed23
Moderator
Moderator
Posts: 191
Joined: Mon Oct 14, 2019 1:18 pm
Location: United Kingdom
Contact:

Re: User SSO (google) or bulk add users?

Post by rssfed23 »

Egradman,

If you already have Gsuite Enterprise with their advanced ID management offering they already provide you with a LDAPS server you can connect directly to Mayans LDAP: https://support.google.com/a/answer/9048516?hl=en

Just had an idea while I was playing around with ldap and think it's relevant to this old thread. Although Mayan EDMS doesn't have SSO today, it does have LDAP which works well.
You can use a service which authenticates users against gsuite and then provides credentials over LDAP.

I know this process to work as it's how I do all my ldap authentication myself. I use www.jumpcloud.com (as it's completely free for less than 10 users so suits my needs perfectly) for this. Jumpcloud is bound to my Gsuite account and that's where the actual user authentication happens but authentication is done with remote services over LDAP.

What happens when I go to login to Mayan is I input my Gsuite username/password (although the password is irrelevant) and as the directories are synced it works.

What the origional thread is asking for though is something akin to OpenID Connect or SAML. I've logged a feature request for that: https://gitlab.com/mayan-edms/mayan-edms/issues/751

In the interim, it's worth looking into a solution like this (there's a few out there. Okta can also do it) because you can have it work with any service supporting LDAP bindings so any internal app you use supporting LDAP can use your existing IDP not just Mayan.

If you're in an enterprise and looking for features like this then this is where support plans come into play. Custom consulting agreements can be made to help implement features like this. Of course we can't provide support for a third party service (that's what their support team is for) but the LDAP implementation/connection is something we can look at.
For the specific SSO via LDAP functionality I describe above we can always look at doing a short demo as part of that process as well of course. Organisations are also potentially able to sponsor specific features as part of an agreement and that can be looked into also to see if it's possible.

Just wanted to give you a couple of extra options. You can of course do everything through the API :)
Please don't PM for general support; start a new thread with your issue instead.

Post Reply