[GH-ISSUE #1399] Implement SCIM #6384

Open
opened 2026-04-20 16:58:44 -05:00 by GiteaMirror · 7 comments

Originally created by @xeruf on GitHub (Sep 3, 2025).
Original GitHub issue: https://github.com/go-vikunja/vikunja/issues/1399

Description

Two exemplary use cases for what SCIM can do beyond OIDC:

Provisioning: Easy Permission Management from Account Creation

With SCIM, when a new user account is created in your core identity system (like an identity provider or directory), SCIM automatically provisions that user across all connected applications, including Vikunja. This means:

  • User accounts are created instantly with the right permissions and group memberships set according to predefined rules.
  • No manual work is needed to add the user in each application separately, reducing administrative overhead and errors.
  • Permissions are consistent and up-to-date across all services from day one, so the user has exactly what they need to work productively.

Or, as in our case, if no teams are configurable in SSO, I can immediately add the user to teams without having to wait for them to sign in first.

Single Sign-Off When Revoking Access

When a user leaves or changes roles, SCIM ensures automated deprovisioning:

  • The user's accounts across all applications, including Vikunja, are deactivated or deleted automatically and immediately.
  • This enforces a single sign-off experience where revoking access in the central system cascades through every integrated app.
  • It prevents orphaned accounts and reduces security risks of unauthorized access by former users.
  • It also simplifies compliance and auditing, ensuring all access is tracked and removed in a timely manner.

Not urgent, but a nice thing to keep in mind.

Which alternatives did you consider using instead?

doing stuff manually

GiteaMirror added the area/auth and area/teams labels 2026-04-20 16:58:44 -05:00
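The deprovisioning step described in the issue, seen from the receiving application's side, as an added example (not code from Vikunja or from anyone in this thread): it applies a SCIM 2.0 PatchOp (RFC 7644) that sets `active` to false and drops the user's live sessions in the same step. `User`, `ApplyActive` and the session list are hypothetical names, and accepting a string such as "False" for the boolean is a defensive assumption about what clients send.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// User is a hypothetical local account record, not Vikunja's own model.
type User struct {
	Active   bool
	Sessions []string // IDs of live sessions
}

// ApplyActive applies "replace active" from a SCIM PatchOp body (RFC 7644) to u.
func ApplyActive(u *User, body []byte) error {
	var req struct {
		Schemas    []string
		Operations []struct {
			Op, Path string
			Value    any
		}
	}
	if json.Unmarshal(body, &req) != nil || len(req.Schemas) != 1 || req.Schemas[0] != "urn:ietf:params:scim:api:messages:2.0:PatchOp" {
		return fmt.Errorf("not a SCIM PatchOp message")
	}
	for _, op := range req.Operations {
		v := op.Value
		if m, ok := v.(map[string]any); ok && op.Path == "" {
			v, op.Path = m["active"], "active" // path-less form
		}
		if v == nil || !strings.EqualFold(op.Path, "active") || !strings.EqualFold(op.Op, "replace") {
			continue // not a change to "active"; out of scope here
		}
		s := strings.ToLower(fmt.Sprint(v)) // tolerates false and "False"
		if s != "true" && s != "false" {
			return fmt.Errorf("active must be a boolean, got %v", v)
		}
		if u.Active = s == "true"; !u.Active {
			u.Sessions = nil // single sign-off: end live sessions too
		}
	}
	return nil
}

func main() { // constructed request: path-less form with a string boolean
	u := &User{Active: true, Sessions: []string{"s1", "s2"}}
	err := ApplyActive(u, []byte(`{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"Replace","value":{"active":"False"}}]}`))
	fmt.Println(err, u.Active, len(u.Sessions))
}
```

Flipping the flag alone would leave already-issued sessions usable, which is why the example clears them when `active` becomes false.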

@kolaente commented on GitHub (Sep 3, 2025):

Also helpful: https://scim.dev/guide/relationships/openid-connect.html


@xeruf commented on GitHub (Sep 8, 2025):

And FYI, Nextcloud and Zulip already implement it, and it is used in Stackspin.


@FreeSynergy commented on GitHub (Jan 6, 2026):

How far along is this feature? Is it on the "Roadmap"?


@kolaente commented on GitHub (Jan 11, 2026):

I'm happy to work on this if someone wants to sponsor the development, otherwise it will become part of some kind of enterprise addon.


@FreeSynergy commented on GitHub (Jan 11, 2026):

I would like to, but the thing is, I work day and night as a volunteer … helping people for free (no joke).
We were at one time a group of over 50.000 people; after Corona, less than 5.000.
We help people where we can, for free. I'm traveling through the world, mostly Germany, and help where I can. Most times as a psychological consultant (for many topics). At night I work on a decentralized network, to teach people how to make themselves free from censorship, chat control and so on.

For me SSO and all the other technologies are not an enterprise feature, but a minimum feature, to break free from the discrimination of information.

If I could, I would sponsor it … but I live with less money - at this moment, I live in a wooden house (of a woman), where we have no water, except the small river next to the house.

So, how can I sponsor you? I can visit you and help you, where I can help …


@kolaente commented on GitHub (Jan 14, 2026):

That was more aimed at companies, I would say SCIM is something that only larger organizations use, who would be able to pay for a feature like this. And are likely already used to doing so for other applications. I only have so much time in a day and I need to make a living as well, so I have to set my priorities accordingly.

I'm happy to give out discounts for any kind of paid features to non-profit organizations.

OpenID and LDAP are already available. That should cover most SSO needs.


@FreeSynergy commented on GitHub (Jan 14, 2026):

I'm now in Cologne, Germany. If you like, you can find me:
https://wiki.helfa.org/de/profiles/kal_el/contact

But back to the main topic:
if you see the internet like me, then you will see that this is one of the most important features, not for big companies, but for everybody who wants to decentralize the internet.

Why are Amazon, Microsoft, Apple, Blackrock and so on so good? Because they learned how to work together and take advantage of others.
If we want to make something similar, but without taking advantage of others, then we have to get structured. We have to organize ourselves … but how, if not with tools that give us the same chance to build teams up.

Not only in the open source world, but even in the legal world, we can make the difference:
What is your purpose? Do you want to take advantage of others (make money)? If yes, pay for it. If not, use it for free (or selfcosts). You don't have to protect it by an API Key, you can protect it by the law. Give the source code for free - but if someone is using it for making money, then he has to pay for that. Use the law, use the community, use the force of all people, to change that.

If we learn how to work together, how to support each other, then we can change the world - doesn't matter if it is for IT projects, wars, starving or other catastrophes … together we can change the world.


Reference: github-starred/vikunja#6384