You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Parts of the documentation below assume that some one-time preparation steps have been done both in Strapi and in your identity provider (IdP). If these steps are skipped, the login button might appear on the Strapi login page but the flow will fail with a redirect or "invalid client" error. Make sure to follow all these steps:
75
-
76
-
<Checklisttitle="End-to-end SSO setup checklist">
77
-
<ChecklistItem>Enable SSO in Strapi: Go to <em>Global settings > Single Sign-On</em> in the admin panel and set up the feature (e.g. toggle auto-registration and choose the default role).</ChecklistItem>
78
-
<ChecklistItem>Register Strapi in your IdP: In the provider's dashboard (e.g. Azure AD, Okta, Google, GitHub), create a new OAuth/OIDC application for Strapi. Copy the client ID and client secret that the provider generates.</ChecklistItem>
79
-
<ChecklistItem>Add the Strapi callback URL to the provider: Set the redirect/callback URL in the provider configuration to the value generated by <code>{"strapi.admin.services.passport.getStrategyCallbackURL('<provider_uid>')"}</code> (e.g. <code>/admin/connect/google</code> if the UID is <code>google</code>). The provider must accept this URL or the login will be blocked.</ChecklistItem>
80
-
<ChecklistItem>Provide credentials to Strapi: Add the client ID and client secret as environment variables (e.g. <code>GOOGLE_CLIENT_ID</code>/<code>GOOGLE_CLIENT_SECRET</code>) so they can be read in <code>{"/config/admin.{js,ts}"}</code>.</ChecklistItem>
81
-
<ChecklistItem>Configure the provider in code: Import the provider's Passport strategy and add it to <code>auth.providers</code>.</ChecklistItem>
82
-
<ChecklistItem>Rebuild and restart Strapi: Run <code>yarn build && yarn develop</code> or <code>npm run build && npm run develop</code> so the new provider appears on the login page. If the admin panel is hosted separately, also ensure the <ahref="/cms/admin-panel-customization/host-port-path"><code>url</code> setting</a> matches the deployed admin URL.</ChecklistItem>
74
+
Parts of the documentation below assume that some steps have been done previously both in Strapi and in your identity provider. If these steps are skipped, the login button might appear on the Strapi login page but the flow will fail with a redirect or "invalid client" error. Make sure to follow all the steps of the checklist before moving onto the rest of the documentation.
75
+
76
+
<Checklisttitle="SSO setup checklist">
77
+
<ChecklistItem>[Enable SSO in Strapi](/cms/features/sso#admin-panel-settings) <br/> Go to <em>Global settings > Single Sign-On</em> in the admin panel and set up the feature (e.g. toggle auto-registration and choose the default role).</ChecklistItem>
78
+
<ChecklistItem>Register Strapi in your identity provider <br/> In the provider's dashboard (e.g. Azure AD, Okta, Google, GitHub), create a new OAuth/OIDC application for Strapi. Copy the client ID and client secret generated by the provider.</ChecklistItem>
79
+
<ChecklistItem>[Add the Strapi callback URL to the provider](#the-createstrategy-factory) <br/> Set the redirect/callback URL in the provider configuration to the value generated by <code>{"strapi.admin.services.passport.getStrategyCallbackURL('<provider_uid>')"}</code> (e.g. <code>/admin/connect/google</code> if the UID is <code>google</code>). The provider must accept this URL or the login will be blocked.</ChecklistItem>
80
+
<ChecklistItem>[Provide credentials to Strapi](#configuring-the-provider) <br/> Add the client ID and client secret as environment variables (e.g. <code>GOOGLE_CLIENT_ID</code>/<code>GOOGLE_CLIENT_SECRET</code>) so they can be read in <code>{"/config/admin.js|ts"}</code>.</ChecklistItem>
81
+
<ChecklistItem>[Configure the provider in code](#configuring-the-provider) <br/> Import the provider's Passport strategy and add it to <code>auth.providers</code>.</ChecklistItem>
82
+
<ChecklistItem>Rebuild and restart Strapi <br/> Run <code>yarn build && yarn develop</code> or <code>npm run build && npm run develop</code> so the new provider appears on the login page. If the admin panel is hosted separately, also ensure the <code>url</code> setting matches the deployed admin URL (see [Host, port and path](/cms/admin-panel-customization/host-port-path).</ChecklistItem>
83
83
</Checklist>
84
84
85
85
A provider's configuration is a JavaScript object built with the following properties:
0 commit comments