GitHub user dosubot[bot] added a comment to the discussion: How to enable sso login in Superset 5.0.0?
<!-- Answer --> To enable SSO login in Superset 5.0.0, set up your authentication in `superset_config.py` using one of the supported SSO methods: OAuth, OIDC, LDAP, or REMOTE_USER. For OAuth/OIDC, set `AUTH_TYPE = AUTH_OAUTH` and configure the `OAUTH_PROVIDERS` list with your identity provider's details. You’ll also need a custom security manager that extends `SupersetSecurityManager` (not Flask AppBuilder’s SecurityManager) and implements an `oauth_user_info` method to extract user info from the provider’s response. Reference this class in your config with `CUSTOM_SECURITY_MANAGER` [example & details](https://github.com/apache/superset/discussions/32424). If you deploy with Helm or Docker, manage secrets like `CLIENT_ID` and `CLIENT_SECRET` via Kubernetes Secrets or environment variables, and ensure they’re referenced in your config. After configuring SSO, run `superset db upgrade` and `superset init` to update the database schema and permissions [init steps](https://github.com/apache/superset/issues/34320). Note: For background tasks (alerts, reports, thumbnails), SSO-only setups can cause issues with headless browser authentication. Workarounds include using guest tokens, public roles, or machine auth cookies [limitations & workarounds](https://github.com/apache/superset/discussions/33654). If you want both SSO and standard login, you can customize the login view in your security manager to support both flows [custom login example](https://github.com/apache/superset/discussions/32991). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/e6437144-5f44-4ebe-bc75-7c5e0040a81c?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/e6437144-5f44-4ebe-bc75-7c5e0040a81c?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/e6437144-5f44-4ebe-bc75-7c5e0040a81c?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/e6437144-5f44-4ebe-bc75-7c5e0040a81c?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/e6437144-5f44-4ebe-bc75-7c5e0040a81c?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/e6437144-5f44-4ebe-bc75-7c5e0040a81c?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/e6437144-5f44-4ebe-bc75-7c5e0040a81c?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)& nbsp;[](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/34542) GitHub link: https://github.com/apache/superset/discussions/34542#discussioncomment-13998198 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
