Strapi plugin strapi-plugin-sso

This plugin can provide single sign-on.

You will be able to log in to the administration screen using your Google account or Cognito User Pool or Azure.

Currently supports Cognito user pool and Google accounts.

Please read the documents for some precautions.

This plugin is developed by one engineer. If possible, consider using the Gold Plan features.

Easy to install

yarn add strapi-plugin-sso

npm i strapi-plugin-sso

Requirements

Strapi Version4
strapi-plugin-sso
Google Account or AWS Cognito UserPool

Example Configuration

// config/plugins.js
module.exports = ({env}) => ({
  'strapi-plugin-sso': {
    enabled: true,
    config: {
      // Google
      GOOGLE_OAUTH_CLIENT_ID: '[Client ID created in GCP]',
      GOOGLE_OAUTH_CLIENT_SECRET: '[Client Secret created in GCP]',
      GOOGLE_OAUTH_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/google/callback', // URI after successful login
      GOOGLE_ALIAS: '', // Gmail Aliases
      GOOGLE_GSUITE_HD: '', // G Suite Primary Domain
      
      // Cognito
      COGNITO_OAUTH_CLIENT_ID: '[Client ID created in AWS Cognito]',
      COGNITO_OAUTH_CLIENT_SECRET: '[Client Secret created in AWS Cognito]',
      COGNITO_OAUTH_DOMAIN: '[OAuth Domain created in AWS Cognito]',
      COGNITO_OAUTH_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/cognito/callback', //  // URI after successful login
      COGNITO_OAUTH_REGION: 'ap-northeast-1', // AWS Cognito Region 

      // AzureAD
      AZUREAD_OAUTH_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/azuread/callback',
      AZUREAD_TENANT_ID: '[Tenant ID created in AzureAD]',
      AZUREAD_OAUTH_CLIENT_ID: '[Client ID created in AzureAD]', // [Application (client) ID]
      AZUREAD_OAUTH_CLIENT_SECRET: '[Client Secret created in AzureAD]',
      AZUREAD_SCOPE: 'user.read', // https://learn.microsoft.com/en-us/graph/permissions-reference
    }
  }
})