SSO / Oauth authentication / Google Workspace account management for an office environment

Hello, I have a specific use case that I would like to solve:

  • We want to setup a home assistant instance for the office/workspace.
  • Managing users in HA is cumbersome, as we already use Google Workspace for identity management.
  • We would like to be able to login with google in our home assistant.

Possible solutions:

  • Stick a authentication reverse proxy in front of Home Assistant.
    This would be the simplest solution, but what would be the best way to communicate the current logged in user to HA? Otherwise everyone is considered guest, and audit logs, etc would stop making sense.
    Would this be solvable by an extension that reads auth headers from the proxy and manages users accordingly, on the fly?

  • Only allow access from within the office network.
    Same issue as above + lots of other security issues.

  • OAuth authentication.
    This sounds like the best solution, but the one that requires the most work. Has anyone played with such thing? I couldn’t find any integration/extension yet. Can anyone recommend what would be the best approach to develop such feature/plug-in.

I’m hoping to gather feedback from anyone that has any insight or opinion on this. And I would also like to know about any other office deployments of HA.

Thank you.

3 Likes

I’ve a similar use case with Home Assistant. Want to use external authentication in HA specifically with AWS Cognito.

I found these workarounds after a lot of searching. Haven’t tried yet but will try soon.

Hope it helps!

2 Likes

Hi @tofran ,
Have you got a chance to implement Google SSO into HA?

Cheers,
yankki