SSO Authentication?

[mguthrie]

Hey Guys,

Any plans to support SSO authentication options? We use Okta for a lot of our external applications to tie them back to AD, and we'd love to be able to use something like this with XI.

[scottwilkerson]

Hi Mike!

We've talked about adding some options for SSO, but don't have anything set in stone yet.

You could likely take a whack at creating your own via component similar to the old AD/LDAP method. Down-side would be you would still need to add all the users manually.

[rwestover]

Has there been any update on this, as it looks like you were contemplating it over a year ago? Thanks!

[dwhitfield]

There are no current plans for SSO. However, I would advise checking on the status in December. As far as I am aware, the features for XI 5.5 have not yet been decided and then of course here is XI 6.0. If a lot of people say they want this, then it may happen, but it does not seem to be in high demand.

[kevinmjacobsen]

Please consider this another request for SSO (SAML 2.0 preferred).

We have 25+ Nagios servers and having SSO would be an easier approach for our large and growing environment.

[dwhitfield]

(SAML 2.0 preferred).

We have decided not to move forward with SAML per Feature Request 7684. We are still considering SSO options. I would suggest checking back in 2019 after XI 6.0 is out. If there are changes in the roadmap, you will find them at https://www.nagios.com/roadmaps/

[tonkaUser]

What is the recommended SSO option for Nagios?

[dwhitfield]

Active Directory/LDAP

[bawood]

This is unfortunate and disappointing. Enabling AD or LDAP for authentication is not SSO. While it is better than managing passwords independently, SSO allows you to authenticate once and then gain access to any SSO enabled application without entering your username/password again.

The University of Michigan developed a web SSO application nearly 20 years ago, more background on it at http://weblogin.org. Most cloud providers are supporting federated SSO using SAML2, but it's not much more difficult to integrate.
https://wiki.shibboleth.net/confluence/ ... pplication. Primarily, if Nagios just supported using the REMOTE_USER variable, it would be a big improvement. It would be great if it also supported AD/LDAP for authorization, i.e. allowing only specific users access and define their role based on their membership from directory groups.
Thanks and I hope Nagios reconsiders looking at integrating an improve SSO feature.

[dwhitfield]

If you think this is something we could easily integrate into Core, I would suggest filing a feature request at https://github.com/NagiosEnterprises/na ... issues/new