SAML2/OAuth Login Method (i.e. Okta)


metalcated

I am looking to see if a SAML2/OAuth plugin is something others would use. I myself would love this feature to share Emby publicly with family members and friends and worry a little less about insecure passwords that some may use. I personally am a big advocate for security as I work in IT and see how a lack of good security can cause havoc. I love Okta and what it offers. Anyone can sign up and use it for free under 1000 users if you sign up as a Developer. That is just plain awesome.

 

Let's see who else is interested. I am excited to find out! 

 

Thanks

Edited by metalcated
  • Like 18
  • Agree 2
  • Thanks 1

  • 8 months later...
maegibbons

Wow three people want this!

 

I am so pumped about this being written in the next..... decade and I don't mean the 20's.

 

Krs

 

Mark

 

A 'like' is always appreciated!

  • Like 1

  • 3 months later...
  • 5 weeks later...
nt-it-team

With more and more directory services (including Azure AD, which is in use here) supporting SAML2 as a preference, it would be beneficial for Emby to be ahead on this one.


  • 4 months later...

I'm all for things like this, even if I don't think a lot of people will use it.  Those who like it will have it. :)

But I agree SSL out of the box will do a lot more good for many more people.

Edited by cayars

  • 1 month later...
  • 3 months later...
AshranPewter

Would like to put my hat in to say I'm interested in this. 3rd party authentication would be awesome for hardening and securing everything (reverse proxy and obscurity can only do so much!).

"Sorry to all the people in this thread in advance that are getting notifications and thus your hopes up"


  • 1 year later...

+1 for SAML2 Auth

Azure AD, Okta would be fantastic to SSO into the app and have MFA.

LDAP works with Okta or JumpCloud with MFA. I would prefer SAML Auth though.

Edited by TKX57

For SSL I'm currently using reverse proxy + DNS API to register certs. I'm sure that something like this could be built into Emby to pull the cert via Cloudflare, GoDaddy API. Since this seems to be more important than SAML Auth.

I tried using SAML Auth with Caddy and passing that back through Emby but didn't seem to get it to work with everything.


MajesticFudgie

+1 to this.

I've recently moved from other solutions to Emby and instantly thrown ££ at Emby premium.

Something like this would be brilliant to allow friends and family to access Emby via OAuth.
Discord, Spotify or Twitter come to mind as platforms I'd like to be able to support.

It'd also help push the 2FA issue onto a different provider and be one less place to keep 2FA or passwords for.

Maybe even allowing custom authentication via something such as FusionAuth or tooling up with Cloudflare Access on top of their proxy solution.


  • 1 year later...
JordanReich

For the last decade or so, I have used Plex as my primary media content provider.

However, circumstances have caused me to rethink that decision, and I have started to lean into Emby as a total replacement to complete a lift and shift. One of the reasons behind that decision was the existence of the LDAP plugin in the environment to allow control from a centralized source. -- Thank you, @Luke

I think there is a way to take on this kind of effort in a phased approach. I do not care if SAML is integrated into the numerous applications and environments that would need to be updated to make this function properly. All I would require to call it a reasonable success is the ability to incorporate Emby Connect into a SAML environment.

LDAP is, in my opinion, essentially useless without being able to incorporate it into the pin authentication method. It's a tough sell to tell folks that you'll need to log in with that username and password (that happens to be 12 digits or more) on every TV system around the house.

But my local LDAP can pipe into Azure AD (or Entra nowadays) and then be SAML connected to Emby Connect. I now have a way to control access accounts that is friendly to end users and meets the need from a system administrator perspective.

I know your average system user has this system, and this alone and self-contained passwords work fine. But this is a niche that no one provides for today and has what I believe is some value proposition behind it that a subset of your target audience would genuinely appreciate.

 

Edited by JordanReich
  • Agree 1
  • Thanks 1

  • 2 months later...
ItsMee

I made a new topic, but Luke kindly directed me here.

 

I'll quote the question I asked, so there's no need to write it again.

-------------------------------------------------------------

Background:

I'm running Emby on a Synology NAS (from Package Center). And I'm using Synology's own reverse proxy to publish Emby to the outside world.

 

Question is: 

Synology has its own SSO Server and there is a SAML service. Does anyone know if it is possible to get this to work with Azure SSO to use an Azure user and MFA? I want 1 more security layer if it is possible.

 

I hope I was able to explain clearly enough.

----------------------------------------------------------------------

I tried playing around with those services a bit, but I don't fully understand them, so I'm not sure if that even works. MFA is the most important feature, what I'm looking for.

 

 

 

  • Thanks 1