You can connect LinkAce with an OAuth or OIDC provider to manage your users at a central place and let them login to
LinkAce with a single click. No separate registration needed. No duplicate passwords to save.
LinkAce supports various OAuth or OIDC providers.
Supported providers
Generic OIDC provider
Auth0
Authelia
Authentik
AWS Cognito
FusionAuth
Google
GitHub
GitLab
Keycloak
Microsoft Azure
Okta
Zitadel
General Configuration
To enable and configure Single Sign On, add the following configuration to your .env file. Please note that every SSO
provider has its own configuration which must be added to the .env file and properly set up if you want to use it.
Config
Possible Options
Default
Description
SSO_ENABLED
true/false
false
Enable SSO authentication via OAuth or OIDC
SSO_REGISTRATION_ENABLED
true/false
true
If set to false, users must have an existing SSO-enabled account to be able to login.
REGULAR_LOGIN_DISABLED
true/false
false
Disable the regular login form and user management.
User handling
While a user tries to login with any SSO provider, this is how the user account is handled:
If a user with the same email address already exists, but no SSO details are present yet, this user is automatically
connected to the user provided by the SSO provider. An internal ID is stored for that user.
If a user with the same email address already exists and SSO details are present, the user is logged in and those
fields are updated:
user name
authentication token (if applicable)
If no user with the same email address exists, a new user is registered and the user is automatically logged in.
If you disable your SSO provider after users registered with it, those users must manually reset their password via the
regular password reset feature.
After adding this to your .env file, the regular login form vanishes and a button to login with Auth0 will show up when
users try to login.
Callback URL is https://[[YOUR.LINKACE.INSTALL]]/auth/sso/[[SERVICE]]/callback (replace service with whatever comes between SSO_[[SERVICE]]_ENABLED in your .env file)
Provider Configuration
Generic OpenID Connect Provider
Config
Default
Description
SSO_OIDC_ENABLED
false
Enable SSO authentication for OIDC
SSO_OIDC_BASE_URL
The OIDC base URL (details see below)
SSO_OIDC_CLIENT_ID
The OIDC client ID
SSO_OIDC_CLIENT_SECRET
The OIDC client secret
SSO_OIDC_SCOPES
Additional scopes sent to the OIDC provider
The base URL must be set to the OpenID Configuration URL, but excluding the .well-known/openid-configuration part.
Example: If https://auth.company.com/application/linkace/.well-known/openid-configuration is your OIDC configuration
URL, then https://auth.company.com/application/linkace must be your base URL.
Auth0
Config
Default
Description
SSO_AUTH0_ENABLED
false
Enable SSO authentication for Zitadel
SSO_AUTH0_BASE_URL
The Auth0 base URL
SSO_AUTH0_CLIENT_ID
The Auth0 client ID
SSO_AUTH0_CLIENT_SECRET
The Auth0 client secret
Authelia
OIDC with Authelia works with the generic OIDC config. The critical succesfactor is the Authelia config, where PKCE needs to be disabled.