sso is a secure single sign-on solution that provides authentication and authorization for internal services using a double OAuth2 flow with Google as the identity provider.
sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
This tool is designed for organizations that need to secure access to multiple internal web applications by centralizing authentication and authorization. It is primarily used by infrastructure and security teams to enable seamless single sign-on experiences for employees while enforcing domain and group-based access controls.
sso requires Google OAuth2 as the identity provider and restricts authentication to a specific email domain, so it is best suited for organizations using Google Workspace. Proper configuration of Google Groups is necessary for fine-grained authorization. Users should ensure secure deployment of sso-auth and sso-proxy components and keep session cookies protected to maintain security. Contributions and security vulnerability reports are welcomed and managed via BuzzFeed’s bug bounty program.
Download prebuilt binary releases from the GitHub releases page
Pull the Docker image from Docker Hub at buzzfeed/sso
Install via Go with `go get github.com/buzzfeed/sso/cmd/...`
Follow the Quickstart guide in docs/quickstart.md to deploy locallygo get github.com/buzzfeed/sso/cmd/...
Installs the sso command-line tools using Go.
Use prebuilt binaries from the releases page
Run sso components without building from source.
docker pull buzzfeed/sso
Fetches the official Docker image for sso to deploy in containerized environments.