[Feature Request] Add SAML Authentication Support for NetBird #1597

Open
opened 2025-11-20 05:33:31 -05:00 by saavagebueno · 0 comments

Originally created by @chirag-rastogi on GitHub (Feb 6, 2025).

Description:
NetBird currently supports OIDC for authentication, which is beneficial. However, SAML support is still essential for many organizations that rely on enterprise SSO solutions which might not allow OIDC.

Why SAML is Needed Despite OIDC Support:
While OIDC is modern and widely used, many enterprises still operate primarily on SAML due to:

  • Existing Enterprise Infrastructure: Many organizations have legacy and compliance-driven IdPs that only support SAML.
  • SSO Standardization: Some organizations prefer a unified authentication method across all applications, and SAML remains a standard in many enterprises.
  • Seamless Integration with Large IdPs: Many IdPs offer stronger native SAML support over OIDC, making integration simpler for IT teams.

Proposed Implementation:

  • Add SAML authentication alongside the existing OIDC integration.
  • Provide SP metadata for easy integration with IdPs.
  • Enable role-based access control (RBAC) mapping via SAML attributes.
  • Ensure compatibility with major SAML providers (Google Workspace, Okta, Microsoft Entra ID, OneLogin).

Alternative Workarounds:
While SAML-to-OIDC bridges exist, they add unnecessary complexity and overhead. Native SAML support would streamline deployment and improve security.

saavagebueno added the feature-request label 2025-11-20 05:33:31 -05:00

Reference: SVI/netbird#1597