Enable SSO authentication for Django admin #102
Description
📋 User requirements
AS A DevOps engineer or system administrator
I WANT SSO authentication as an optional configuration for Django admin access
AND support for common enterprise SSO providers (Google, Microsoft, Auth0)
SO THAT users can authenticate with their existing corporate credentials
AND we can meet enterprise security and compliance requirements
✅ Acceptance criteria
- Template Configuration
When generating a new project with scaf, I can choose to enable SSO authentication
I can select from supported SSO providers (Google OAuth, Microsoft Azure AD, Auth0)
The template generates appropriate configuration files and environment variables
- Admin Login Experience
When SSO is enabled, the Django admin login page displays an SSO login button
Users can authenticate using their SSO provider credentials
Traditional username/password authentication remains available as a fallback
After successful SSO authentication, users are redirected to the Django admin dashboard
- User Management
Users authenticated via SSO are automatically created in Django if they don't exist
SSO users have appropriate permissions assigned based on the configuration
Domain restrictions can be configured to limit SSO access to specific email domains
- Documentation and Setup
Clear documentation is provided for setting up each supported SSO provider
Environment variables for SSO credentials are documented
A troubleshooting guide is included for common SSO configuration issues
🛸 Out of scope
- SAML 2.0 support
- Multi-factor authentication integration (should be handled by the SSO provider)
- SSO for the main application frontend
- User role mapping from SSO claims (basic permission assignment only)
- SSO session management across multiple applications (single application scope)
📝 Additional context (Optional)
No response
🕸️ Dependencies (Optional)
No response
🖼️ Wireframe (Optional)
No response