# Configure SSO for Organization

**ID:** ORG-006
**Priority:** High
**Status:** Planned

## User Story

As an organization owner, I want to configure Single Sign-On with my company's identity provider so that employees can use their corporate credentials.

## Acceptance Criteria
- [ ] Support SAML 2.0 SSO configuration
- [ ] Support OIDC/OAuth SSO configuration
- [ ] Test connection before enabling
- [ ] Auto-provision users on first SSO login (JIT provisioning)
- [ ] Map SSO attributes to user profile fields
- [ ] Option to require SSO for all org members
- [ ] Bypass SSO for emergency admin access
- [ ] Support multiple SSO providers per organization

## Technical Notes
- Implement SAML assertion consumer service
- Store SSO configuration securely (encrypted secrets)
- Certificate management for SAML
- Consider using passport-saml and passport-openidconnect
- Metadata endpoint for easy IdP configuration

## Related TODOs
- New feature - enterprise SSO capability