I’m using Authentik at home and it’s great, I have single login (secured with 2FA and/or secure key) for all my home services but I can’t integrate Home Assistant, so I have to use legacy password authentication then generate key in 2FA auth. and rewrite it.
It would be great if Home Assistant had a Single Sign-On option: SAML or OAuth.
I wrote a Home Assistant Add-On (not published) to run a simple Python script that talks to an LDAP server. I had to create the Add-on because I got tired of doing apk install python3-ldap or some such command and using a Script to do the login.
I would love this, OIDC, OAuth and others are no longer for large enterprises only. It’s so easy these days to put all your self-hosted apps behind a single login portal reusing the same MFA for access from the internet and all that.
I absolutely want this, it would radically simplify my identity management at home. Not for everyone I’m sure, but the fact it’s been actively ignored by the development group for at least 2 years and it appears a lot longer, doesn’t bode well that they even consider this as something they want to do. Very disappointing.
Yup there definitely needs to be an option for SSO. So many other self-hosted projects have it and HomeAssistant is the odd man out. I host a lot of stuff my family uses and it’s all tied together with SSO, which makes their lives a lot easier and it betters our security posture.
This feature wouldn’t be for every user, but I think that’s fine.
Why The H can’t we configure HA to use an external authentication system? I’d be thrilled for OIDC to be natively supported by HA, just as thrilled if HA would properly support an addon or integration to provide a bridge to one (with HA offering the necessary APIs).
Putting a reverse proxy in front of HA is not a solution, as this breaks the App, not to mention that with this you need to log in twice.
Maybe Home Assistant would be able to implement source code or libraries used in the Immich project? I just deployed it at home and enabling the OAuth login via Authentik was really simple. And OAuth also works in the Immich mobile app. And what surprised me the most was that I was also able to log in on my iPhone in the Immich app via Bitwarden app passwordless login using Passkey. So there it all works perfectly - also the local user was automatically mapped to the user in Authentik so I (admin) don’t have two accounts (like in Portainer) but I’m able to log in via local or via OAuth and it brings me to the same profile.
THIS PLEASE! It is already a non-starter using SSO/SAML auth directly via Cloudflare for the homeassistant subdomain because iOS doesn’t support the client certificate approach for the app. If we can’t have this, at least please give us SAML auth configuration support in HA itself. Only supporting username/password going into 2025 is a big security (and convenience) issue!
Home Assistant is aimed at a Home user, the home environment. IMHO this proposal/open letter is for feeding the enterprise smart home syndrome. I am pretty sure my dad (or any other average user of Home Assistant) isn’t using SSO to log in to his home devices.
I think the key part of his comment is that, at least as far as the developers are aware, the average user isn’t the sort of person that would be wanting something like this. People that put the effort into building home labs for the most part aren’t yet mainstream. Personally, even if I used a self-hosted SSO/OIDC platform for authentication, I’m not certain I would want to have Home Assistant integrated into it, but I’ve finally come around to supporting those that do.