User SSO (google) or bulk add users?

Questions, comments, discussions. Over time certain topics might be moved to their own category.
Post Reply
Posts: 3
Joined: Thu Dec 05, 2019 9:11 pm

User SSO (google) or bulk add users?

Post by egradman »

This project is great, and I'm looking forward to rolling it out in my organization. I have it running well in a Kubernetes cluster.

I have a lot of users, and I don't want to add them all manually.

Ideally I could authenticate against Google single sign-on (GSuite), with users being created as they log in for the first time. Barring that, I'd be happy if there was some interface to add users in bulk and add them to an initial group.

Is there a REST API, a python script, or even a database table where I should look to create users in bulk? I'm perfectly happy tinkering under the hood (Python, pgsql, and docker are very familiar) but I want to make sure I'm going about the right way.

Thanks for an excellent project!
User avatar
Posts: 546
Joined: Tue Aug 21, 2018 3:28 am
Location: Puerto Rico

Re: User SSO (google) or bulk add users?

Post by rosarior »

No Google or SSO integration but there is a REST API.

A POST requests to the /users endpoint is all that is required.

The book provides examples and details all the endpoints and schemas.

There is also some basic examples in the documentation's REST API chapter:
2019-12-05_19-46.png (79.23 KiB) Viewed 1066 times
User avatar
Posts: 213
Joined: Mon Oct 14, 2019 1:18 pm
Location: United Kingdom

Re: User SSO (google) or bulk add users?

Post by rssfed23 »


If you already have Gsuite Enterprise with their advanced ID management offering they already provide you with a LDAPS server you can connect directly to Mayans LDAP:

Just had an idea while I was playing around with ldap and think it's relevant to this old thread. Although Mayan EDMS doesn't have SSO today, it does have LDAP which works well.
You can use a service which authenticates users against gsuite and then provides credentials over LDAP.

I know this process to work as it's how I do all my ldap authentication myself. I use (as it's completely free for less than 10 users so suits my needs perfectly) for this. Jumpcloud is bound to my Gsuite account and that's where the actual user authentication happens but authentication is done with remote services over LDAP.

What happens when I go to login to Mayan is I input my Gsuite username/password (although the password is irrelevant) and as the directories are synced it works.

What the origional thread is asking for though is something akin to OpenID Connect or SAML. I've logged a feature request for that:

In the interim, it's worth looking into a solution like this (there's a few out there. Okta can also do it) because you can have it work with any service supporting LDAP bindings so any internal app you use supporting LDAP can use your existing IDP not just Mayan.

If you're in an enterprise and looking for features like this then this is where support plans come into play. Custom consulting agreements can be made to help implement features like this. Of course we can't provide support for a third party service (that's what their support team is for) but the LDAP implementation/connection is something we can look at.
For the specific SSO via LDAP functionality I describe above we can always look at doing a short demo as part of that process as well of course. Organisations are also potentially able to sponsor specific features as part of an agreement and that can be looked into also to see if it's possible.

Just wanted to give you a couple of extra options. You can of course do everything through the API :)
Please bear with us during the current global situation. The team all have families and local communities to look after as well as the community here. Responses may be delayed during this time, but rest assured we will get to your query eventually.
Post Reply