OAuth support for web UI login?

Is there an OAuth provider of any kind that I can use to allow login to the web interface via an OAuth provider like AzureAD, Google, AWS or an OSS OAuth provider?

3 Likes

I would like to know this also.

I thought I saw mention that this was an enterprise-only feature. @kris?

That’s correct. Community users can use the provided 2FA with local users accounts for authentication or alternatively use API keys.

WebUI / API authentication and RBAC integration with LDAP / IPA /AD are enterprise features.

Is there a generic OAuth provider for TrueNAS? (The ones you listed are not OAuth.)

If so is that also an enterprise feature?

There is no generic OAuth provider for login to the TrueNAS WebUI. Something around that will happen later in '25 though.

2 Likes

Thanks. Any decision on whether it will be a feature for hardware purchasers only? Or is that decision down the road sometime?

The OAuth feature will be on the community side.

3 Likes

Good to hear. SSO seems to be rapidly growing in popularity in the homelab space, so TrueNAS’ being able to integrate into it will be useful.

That’s fabulous and will make me very happy.

Is this still planned in 25? I checked the repository on GitHub, nothing related has been merged.

1 Like

Is this feature still planned? The last version of 2025 is about to get released and there is no confirmation of OAuth yet.

OAuth will be done through the TrueNAS Connect service. Not something you have to manually set up on the TrueNAS side.

It is extremely disappointing that a straightforward OAuth solution for the WebUI is unavailable.

TrueNAS Connect is not the WebUI, it’s a “web-based management service” wrapped on top of the existing WebUI. So in the end we still don’t have OAuth for the WebUI.

2 Likes

So, IOW, this is false:

Really, what made you think these two things were equivalent?

It was a bit of a cheeky claim :wink:

But yes, in the end if you want to reach your TrueNAS via an OAuth mechanism, you log into the Connect Management service. Unlock your keyring (in browser) and you are connected. It doesn’t do any magic to create or manage local usernames on the TrueNAS that map back to an OAuth provider. Yet. That is the kind of thing we may build out as a result of this cloud infrastructure maturing more in the future. Rather than trying to implement support for various OAuth providers for the on-prem side, we’ll establish a single link to TrueNAS Connect, which then handles supporting the garden of OAuth providers on that end, so users have little to nothing to set up locally. Just click and go. But that is farther off.

It wasn’t “cheeky,” it was false. Or another “oopsie, changed our minds again.”

Or just implement standard OIDC. Like you said (or strongly implied) you would do. The user/admin provides the provider URL, client ID, client secret, and is responsible for whatever configuration is needed on the IDP end. You don’t need to do anything special to handle Google, or GitHub, or whatever.

6 Likes
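For reference, the "standard OIDC" relying party the post above describes (admin supplies provider URL, client ID, client secret; provider handles the rest) boils down to two things: building the authorization request, and validating the ID token that comes back. The following is an added example, not TrueNAS code; the issuer, client and redirect values are constructed placeholders, and signature verification against the provider's JWKS is assumed to be done by a JOSE library before the claim checks run.

```python
import secrets
import time
from urllib.parse import urlencode

# Constructed sample of what a provider publishes at
# <issuer>/.well-known/openid-configuration (hypothetical issuer URL).
DISCOVERY = {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/token",
    "jwks_uri": "https://idp.example.test/jwks",
}

# What an admin would enter in a NAS UI (all placeholder values).
RP_CONFIG = {
    "issuer": "https://idp.example.test",
    "client_id": "truenas-webui",
    "client_secret": "PLACEHOLDER-CLIENT-SECRET",
    "redirect_uri": "https://nas.example.test/oidc/callback",
}


def build_auth_request(discovery, rp):
    """Return the authorization URL plus the state/nonce the RP must store."""
    state = secrets.token_urlsafe(32)  # ties the callback to this session (CSRF)
    nonce = secrets.token_urlsafe(32)  # must echo back inside the ID token (replay)
    params = {"response_type": "code", "client_id": rp["client_id"],
              "redirect_uri": rp["redirect_uri"], "scope": "openid email",
              "state": state, "nonce": nonce}
    return f"{discovery['authorization_endpoint']}?{urlencode(params)}", state, nonce


def check_callback_state(callback_query, stored_state):
    """The state in the redirect must equal the one stored for this session."""
    return secrets.compare_digest(callback_query.get("state", "").encode(),
                                  stored_state.encode())


def validate_id_token_claims(claims, rp, expected_nonce, now=None):
    """Claim checks every RP must make on an already signature-verified ID token."""
    now = now if now is not None else int(time.time())
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != rp["issuer"]:
        return False, "issuer mismatch"
    if rp["client_id"] not in aud:
        return False, "token not issued for this client"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if claims.get("nonce") != expected_nonce:
        return False, "nonce mismatch (possible replay)"
    return True, claims.get("sub")  # sub is the stable ID to map to a local user
```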

Nah, no mind changing here. When I squint and look at it: I log into TNC. I use my Google credentials (OAuth) and then my local password manager unlocks the local keyring. I’m now in and administrating my TrueNAS system. Over proper SSL and a hostname, no self-signed crap. Again, not exactly what you are asking for, but it does what I want at this phase of the project. Crawl → Walk → Run.

Now where it gets interesting is when we do the web-based file manager in the next release. I want to log in and manage files & data, not just the administrative interface, with OAuth. That’s where this really needs to go. OIDC (with Connect) may be part of that in the future to solve both use cases, being able to properly log in directly and map to a local filesystem user.

So it isn’t going to be part of the web UI? Because I’m pretty sure that’s what everyone who’s asked for this over the past ten years has envisioned, very much like pretty much every other NAS on the market.

7 Likes

Honestly with where this is going I am pretty concerned.

It feels like the team is forcing a cloud-based service on self-hosters.

At this point (I hate to say this) it feels like Synology is being more open about this. They offer OIDC out of the box, and their web portal is optionally cloud-based: you can use QuickConnect, but you can also disable QuickConnect and use your own domain, DDNS and cert.

Also it’s not like OIDC is rocket science; a lot of the open source projects I self-host are one-man armies and the initial implementation takes only a couple of days. Granted, the rough edges need to be polished after the initial implementation, but I feel it says a lot about the development resources required. OIDC seems to be a very mature and straightforward specification right now.

All in all, disappointed and concerned.

1 Like