Feature Request: Support for OIDC / Keycloak Integration for Centralized Identity Management #194

New Issue

Closed

opened 2026-04-05 16:15:57 +02:00 by MrUnknownDE · 0 comments

MrUnknownDE commented 2026-04-05 16:15:57 +02:00

Owner

Copy Link

Originally created by @diegosarina on 1/24/2026

Problem Statement: Currently, Databasus manages users and roles internally. For organizations with multiple tools, this creates "identity silos," requiring manual user provisioning, deprovisioning, and password management within the application itself.

The Case for OIDC (Keycloak): Implementing an OpenID Connect (OIDC) client would allow Databasus to integrate with enterprise identity providers like Keycloak, Okta, or Authelia.

• Centralized Access Control: Admins can manage who has access to Databasus from a single point (SSO).

• Security: Offload MFA (Multi-Factor Authentication) and password policies to a dedicated IAM (Identity and Access Management) tool.

• Onboarding/Offboarding: Automatically grant or revoke access when a member joins or leaves the company via OIDC groups/claims.

• Scalability: Essential for DevOps teams managing multiple environments where local user management becomes unfeasible.

Suggested Implementation: Add configuration flags (or environment variables) for OIDC_ISSUER_URL, OIDC_CLIENT_ID, and OIDC_CLIENT_SECRET. Mapping OIDC groups to Databasus Workspaces/Roles would be the "gold standard." :)

*Originally created by @diegosarina on 1/24/2026* **Problem Statement:** Currently, Databasus manages users and roles internally. For organizations with multiple tools, this creates "identity silos," requiring manual user provisioning, deprovisioning, and password management within the application itself. **The Case for OIDC (Keycloak):** Implementing an OpenID Connect (OIDC) client would allow Databasus to integrate with enterprise identity providers like Keycloak, Okta, or Authelia. - Centralized Access Control: Admins can manage who has access to Databasus from a single point (SSO). - Security: Offload MFA (Multi-Factor Authentication) and password policies to a dedicated IAM (Identity and Access Management) tool. - Onboarding/Offboarding: Automatically grant or revoke access when a member joins or leaves the company via OIDC groups/claims. - Scalability: Essential for DevOps teams managing multiple environments where local user management becomes unfeasible. **Suggested Implementation:** Add configuration flags (or environment variables) for `OIDC_ISSUER_URL`, `OIDC_CLIENT_ID`, and `OIDC_CLIENT_SECRET`. Mapping OIDC groups to Databasus Workspaces/Roles would be the "gold standard." :)

MrUnknownDE closed this issue 2026-04-05 16:15:57 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

website

develop

v3.32.0

v3.31.0

v3.30.0

v3.29.1

v3.29.0

v3.28.1

v3.28.0

v3.27.0

v3.26.0

v3.25.0

v3.24.3

v3.24.2

v3.24.1

v3.24.0

v3.23.0

v3.22.0

v3.21.0

v3.20.0

v3.19.2

v3.19.1

v3.19.0

v3.18.0

v3.17.1

v3.17.0

v3.16.4

v3.16.3

v3.16.2

v3.16.1

v3.16.0

v3.15.2

v3.15.1

v3.15.0

v3.14.1

v3.14.0

v3.13.0

v3.12.2

v3.12.1

v3.12.0

v3.11.2

v3.11.1

v3.11.0

v3.10.0

v3.9.0

v3.8.4

v3.8.3

v3.8.2

v3.8.1

v3.8.0

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.1

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.0

v3.0.1

v3.0.0

v2.24.1

v2.24.0

v2.23.0

v2.22.1

v2.22.0

v2.21.5

v2.21.4

v2.21.3

v2.21.2

v2.21.1

v2.21.0

v2.20.3

v2.20.2

v2.20.1

v2.20.0

v2.19.2

v2.19.1

v2.19.0

v2.18.6

v2.18.5

v2.18.4

v2.18.3

v2.18.2

v2.18.1

v2.18.0

v2.17.0

v2.16.3

v2.16.2

v2.16.1

v2.16.0

v2.15.3

v2.15.2

v2.15.1

v2.15.0

v2.14.0

v2.13.0

v2.12.1

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.1

v2.8.0

v2.7.0

v2.6.0

v2.5.1

v2.5.0

v2.4.0

v2.3.0

v2.2.0

v2.1.0

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.47.5

v1.47.4

v1.47.3

v1.47.2

v1.47.1

v1.47.0

v1.46.8

v1.46.7

v1.46.6

v1.46.5

v1.46.4

v1.46.3

v1.46.2

v1.46.1

v1.46.0

v1.45.4

v1.45.3

v1.45.2

v1.45.1

v1.45.0

v1.44.3

v1.44.2

v1.44.1

v1.44.0

v1.43.0

v1.42.0

v1.41.0

v1.40.1

v1.40.0

v1.39.0

v1.38.0

v1.37.1

v1.37.0

v1.36.1

v1.36.0

v1.35.0

v1.34.0

v1.33.0

v1.32.0

v1.31.0

v1.30.0

v1.29.1

v1.29.0

v1.28.0

v1.27.4

v1.27.3

v1.27.2

v1.27.1

v1.27.0

v1.26.0

v1.25.0

v1.24.1

v1.24.0

v1.23.0

v1.22.0

v1.21.1

v1.21.0

v1.20.0

v1.19.0

v1.18.0

v1.17.0

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.1

v1.15.0

v1.14.0

v1.13.1

v1.13.0

v1.12.2

v1.12.1

v1.12.0

v1.11.0

v1.10.1

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.0

v1.5.1

v1.5.0

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.1.1

v0.1.0

Labels

Clear labels

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

MrUnknownDE

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/databasus#194