Skip to Content
Trebuie să fiți înregistrat pentru a interacționa cu comunitatea.
All Posts Oameni Insigne
Etichete (View all)
odoo accounting v14 pos v15
Despre acest forum
Această întrebare a fost marcată
loginpageOdoo.shSSO
2 Răspunsuri
184 Vizualizări
Imagine profil
Rutger Hofste

We have a customer with strict security requirements who wants to enforce authentication only via Azure Entra ID (SSO).

Currently, SSO is enabled and works as expected, but it’s still possible for users to log in using their Odoo username and password. This is not acceptable for their compliance needs, they want SSO to be the only authentication method.

Has anyone implemented a setup where Odoo completely disables local authentication (i.e., direct username/password login), allowing only Azure Entra ID-based SSO access?

We’re looking for the cleanest and most secure approach, ideally something that doesn’t break admin access or automated processes.

Any insights or best practices would be greatly appreciated!


Imagine profil
Abandonează
Rutger Hofste
Autor

Thanks a lot for your Answer Jainesh, much appreciated. So far we've relied on Odoo.sh and allow future updates?

Imagine profil
Latus GmbH
Cel mai bun răspuns

Hi Rutger, 

Changing the login form is possible, but actually an incomplete approach if you think of security. 
This is because the server will still allow requests for logging in with user and password. 

We are currently building a module to do this correctly and also decide per user how they are allowed to login. 

Let's connect (I've sent you a request on LinkedIn) so you can have a look at the module once finished. 
Thanks and best regards

Joep

Imagine profil
Abandonează
Imagine profil
Jainesh Shah(Aktiv Software)
Cel mai bun răspuns
Hello Rutger Hofste,

If you want to disable the standard Odoo username/password login and allow access only through Azure Entra ID (SSO), you can accomplish this by inheriting the web.login template and removing the local login elements.
Odoo does not provide a built-in setting to “turn off” password login, but you can fully block it by overriding the login template.

In your inherited template (web.login), hide/remove the following:
Email input block
The <div> that contains the email label and login input field.
Password input block
The <div> that contains the password label and password input field.
Log In button
The standard submit button used for local authentication.
Log In as Superuser (debug mode)
The secondary login button that appears when debug mode is active.
Once these elements are removed from the overridden web.login template, the local login form disappears completely, and only your OAuth / Azure Entra ID SSO buttons remain on the login page.

Result:
Users cannot enter an email or password.
Standard Odoo authentication becomes impossible.
Only SSO remains available.

Matches strict compliance/security requirements.

Imagine profil
Abandonează
Related Posts Răspunsuri Vizualizări Activitate
How to Add a User to Access the Database on Odoo.sh?
Odoo.sh
Imagine profil
Imagine profil
1
oct. 25
4017
Odoo.SH Github account ownership transfer, trying to change the repository
Odoo.sh
Imagine profil
Imagine profil
Imagine profil
2
mar. 25
8059
Odoo.sh sale commission Rezolvat
Odoo.sh
Imagine profil
Imagine profil
1
aug. 23
2858
Odoo.sh Bad Gateway
Odoo.sh
Imagine profil
0
nov. 21
3867
How to restore login page
loginpage
Imagine profil
Imagine profil
Imagine profil
3
ian. 20
7435