Hello Ghost community,

I’ve spent a bit of time clicking through this great community and I’m specifically searching for some thoughts/ideas/solutions to this one burning question.

Can Ghost use an external party for sign-on for subscribers?

My use case. Allow subscribers the ability to sign up/sign in with 3rd party credentials - I’m thinking services similar to Auth0. Hoping this will also allow the user to seamlessly move to other services within my control, such as a forum, with the same credentials. This would also allow me (admin) more flexibility with the sign-up/sign-in controls such as what is on offer - eg. sign-in with Apple, Facebook, WebAuthn etc.

What I have found so far is conversation around a SSO beta for Pro users - which I’m of the understanding that the aim here is for admins etc to use external sign-on capabilities - eg. Okta, Azure AD etc.

I completely understand that isn’t a core feature however I’m really looking to validate this more before diving in further.

If it is viable, then I’d be happy to work on it.

I’m not sure what the Ghost team’s plans are for SSO, but I would find it useful to have SSO with Ghost and Discourse.

Exactly.

And without sounding terrible here, I’d prefer to have security handled by another party rather than my own Ghost instance.

I’ve seen the “SSO beta for Pro users” mentioned before, but I think Kevin’s response in another thread provides some clarification of that.

Just so there’s no confusion, that topic is about SSO for staff users, not members. Staff users and members are completely separate systems and do not share any authentication mechanisms.

Thanks @Kevin.

With a much better understanding of the core of Ghost than I do, is this something that is feasible? Or am I wasting my time on this?

Any thought on this?