Best option for SAML/SSO for Phoenix? External or library?

We’re about to commit to giving SSO to some clients who have requested it. They will accept either OIDC or SAML (though we have suspicions they’ll turn around and want SAML later on for the Single-Sign-OUT methods).

I personally haven’t worked on SSO systems in a while, what’s the current best practice here?

  • Auth0 / Stytch, some 3rd party provider like that?
    • Find some provider with Elixir libs/SDKs?
  • Use a library to run it in house?

It’s a handful of customers, no real scaling issues or anything, I’m mostly concerned with correctness, predictability and maintenance costs. Happy to pay a 3rd party if it makes our lives easier and doesn’t introduce critical failure points or risks.

I’m really grateful for feedback from anyone who’s got more experience with SSO like this.

1 Like

I’ve been using ueberauth with great success. It supports lots of SSO providers too (like Auth0 and OIDC).

2 Likes

It might not have been around for ages, but it‘s very well setup.

2 Likes

We’ve been using samly for a few years. Dropbox took over the package a while ago and fixed some of the issues; it’s pretty stable. For development and testing I recommend

  • free Auth0 account,
  • free Okta Integrator account,
  • Burp Suite with SAML Raider.

2 Likes

Thanks! Are you using it with customers using OIDC or SAML? Did you have to do additional setup beyond the lib, like using Auth0?

1 Like

Thanks @LostKobrakai

Just to check: “it‘s very well setup” - you know of teams using this in production and it’s gone well?

1 Like

Thank you! We’ll give that a spin with Auth0.

1 Like

FWIW, we are using the oidcc package for Livebook Teams.

6 Likes

Really helpful to know :heart:.

And I’ll assume you have some pretty big enterprise users on livebook teams?

1 Like

This is “solved” from my point of view now that I know people are using the various libs, and I have enough to go research. Thank you everyone :clap:

3 Likes