I’ve recently updated our site to use SSO with Authentik.
Current RT::Authen::OAuth2 worked, but it was a bit limited. So I’ve added a few new features, for example:
- Manage RT’s groups if the Identity Provider supports groups.
- Set static groups for newly created users if groups are not supported.
- Supports different settings for different groups (or no groups).
- Option to require users to be in specified groups to be able to log in.
- Option to remove user’s existing RT password after a successful OAuth login (So login is only then possible via OAuth, not with username/password.
- Less awkward config changing from defaults.
- Other improvements
Would appreciate some feedback/testing.
Rob