External auth/OIDC

[tecosaur]

Describe the feature or enhancement

Hi!

I'm interested in tying in Umami to a collection of apps I'm self-hosting, but Umami rolling its own authentication model that can't be side-stepped make it a much larger hassle than (without exception) every other service I'm currently running, which all either support OIDC/LDAP intergration or (in more simple cases) can have have auth disabled and insert an auth check in the reverse proxy.

I see this has come up before #1112, but since that issue has been closed as stale it seems like a new issue might be warranted. With a separate authentication service (including roles like admin) has already been set up, it's a pity when that can't be reused, duplicate accounts need to be created, and there's no longer one single place to manage who has access to what resources.

[stavros-k]

Even bigger orgs need OIDC.
Imagine to have to create hundreds of accounts and also make users use those instead of the SSO they use for everything else.

[MLB-BIOMETRIC]

I agree. LDAP integration would be awesome! 👍🏻

[nogweii]

There was some prior discussion in #1608, pointing to next-auth.js as a possible choice to build this feature. It seems that project has evolved and changed names, to auth.js.

[Outsmart2383]

Also interested in this feature.