I’m using Authentik at home and it’s great, I have single login (secured with 2FA and/or secure key) for all my home services but I can’t integrate Home Assistant, so I have to use legacy password authentication then generate key in 2FA auth. and rewrite it.
It would be great if Home Assistant would have a Single Sign On option: SAML or OAuth.
I wrote a Home Assistant Add-On (not published) to run a simple Python script that talks to an LDAP server. I had to create the Add-on because I got tired of doing apk install python3-ldap or some such command and using a Script to do the login.
I would love this, OIDC, OAuth and others are no longer for large enterprises only. It’s so easy these days to put all your self-hosted apps behind a single login portal reusing the same MFA for access from the internet and all that.
I absolutely want this, it would radically simplify my identity management at home. Not for everyone I’m sure, but the fact it’s been actively ignored by the development group for at least 2 years and it appears a lot longer, doesn’t bode well that they even consider this as something they want to do. Very disappointing.
Yup, there definitely needs to be an option for SSO. So many other self-hosted projects have it and Home Assistant is the odd man out. I host a lot of stuff my family uses and it’s all tied together with SSO, which makes their lives a lot easier and it betters our security posture.
This feature wouldn’t be for every user, but I think that’s fine.
Why The H can’t we configure HA to use an external authentication system? I’d be thrilled for OIDC to be natively supported by HA, just as thrilled if HA would properly support an addon or integration to provide a bridge to one (with HA offering the necessary APIs).
Putting a reverse proxy in front of HA is not a solution, as this breaks the App, not to mention that with this you need to log in twice.
Maybe Home Assistant would be able to implement source code or libraries used in the Immich project? I just deployed it at home and enabling the OAuth login via Authentik was really simple. And OAuth also works in the Immich mobile app. And what surprised me the most was that I was also able to log in on my iPhone in the Immich app via Bitwarden app passwordless login using Passkey. So there all works perfectly - also the local user was automatically mapped to the user in Authentik so I (admin) don’t have two accounts (like in Portainer) but I’m able to log in via local or via OAuth and it brings me to the same profile.
THIS PLEASE! It is already a non-starter using SSO/SAML auth directly via Cloudflare for the homeassistant subdomain because iOS doesn’t support the client certificate approach for the app. If we can’t have this, at least please give us SAML auth configuration support in HA itself. Only supporting username/password going into 2025 is a big security (and convenience) issue!
Home Assistant is aimed at a Home user, the home environment. IMHO this proposal/open letter is for feeding the enterprise smart home syndrome. I am pretty sure my dad (or any other average user of Home Assistant) isn’t using SSO to log in to his home devices.
I think the key part of his comment is that, at least as far as the developers are aware, the average user isn’t the sort of person that would be wanting something like this. People that put the effort into building home labs for the most part aren’t yet mainstream. Personally, even if I used a self-hosted SSO/OIDC platform for authentication, I’m not certain I would want to have Home Assistant integrated into it, but I’ve finally come around to supporting those that do.
SSO in home assistant is useful for the same reason SSO (already available in this forum) is useful… It lets you cut down on the number of user accounts you need to remember or dig into your password database for.
If my wife could log into home assistant with her google or apple account I would probably have to stop resetting her home assistant password about once a year or every time she changes devices and has to log in again.
Also for someone doing lots of home automation they probably also have things like plex (supports single sign on providers) and other apps so it might be possible to merge things down a little.
I think this is about relative priorities. It would be great indeed but I don’t think we can realistically expect this to be a high priority for the foreseeable future. I’d be happy to be wrong but relative value is low to the piles of other stuff people want done… yesterday.
I’m expecting this to be included when they do the Role Based Access Control, since it falls under the heading of “Security”, which is likely to be the next major thing they work on.
That makes a lot of sense actually, perhaps ‘year of security’ is on the horizon, though unlikely they’ll phrase it that way due to the obvious implication.
I’d like to see a couple months of What the Heck fixes, followed by several months long beta cycles of security/privacy changes, but who knows how they will actually do it.