Authentication by SSO

To configure SSO through environment variables instead, visit that page.

This action requires an Administrator account.

Go to the Administration > Ways of authentication section.

On that page, select Single Sign-On (SSO) as the way of authentication.


Then fill in the fields of the form:

  • Name of the header matching the login
    • The name of the header in which the Reverse Proxy passes the login after the user has connected to the SSO.
  • Name of the header matching the allowed groups (optional)
    • If your Reverse Proxy passes information about the user's groups, you may indicate the name of the header carrying that information.
  • Allowed groups (separate the groups with a comma ',') (optional)
    • If you have specified a header name for the user's groups, you may list here the groups that are allowed to access Themis. If you leave this field empty, no filtering is done on groups.
  • Separator used in the list of groups if several groups are present in the header (optional)
    • If you specified a list of groups in the previous field, indicate here the separator used (example: ,)
  • Name of the header matching the mail (optional)
    • If your Reverse Proxy puts the user's mail in a header, you may specify the name of that header here. It is only used to prefill the registration form for a new Themis user.
  • Name of the header matching the display name (optional)
    • Same as the previous field, but for the display name.


Once this information is filled in, click on Save. This action will log you out.

!! You have to restart Themis (via Docker -> docker-compose up -d) for the change to take effect. !!

Sign-in to Themis will then go through your SSO server.
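
Because saving logs you out, it helps to check the group fields against the headers your Reverse Proxy really sends before you save. The following Python function is an added example, not Themis code: it models the filter as the field descriptions above state it. The header names, the `SsoSettings` and `evaluate` names, and the exact, whitespace-trimmed group comparison are assumptions.

```python
from dataclasses import dataclass


@dataclass
class SsoSettings:
    """Values you plan to enter in the form (class and field names are hypothetical)."""
    login_header: str
    groups_header: str = ""       # optional
    allowed_groups: str = ""      # optional, comma-separated as in the form
    groups_separator: str = ","   # separator used inside the groups header


def evaluate(headers, cfg):
    """Return (allowed, reason) for the headers one proxied request carries."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    hdrs = {name.lower(): value.strip() for name, value in headers.items()}

    login = hdrs.get(cfg.login_header.lower(), "")
    if not login:
        return False, f"header {cfg.login_header!r} is missing or empty"

    allowed = {g.strip() for g in cfg.allowed_groups.split(",") if g.strip()}
    if not cfg.groups_header or not allowed:
        # Allowed-groups field left empty: no filter is applied on groups.
        return True, f"{login}: no group filter"

    raw = hdrs.get(cfg.groups_header.lower(), "")
    separator = cfg.groups_separator or ","
    # Assumption: groups are compared exactly, after trimming whitespace.
    user_groups = {g.strip() for g in raw.split(separator) if g.strip()}
    matched = sorted(user_groups & allowed)
    if matched:
        return True, f"{login}: member of {matched}"
    return False, f"{login}: none of {sorted(user_groups)} is allowed"


# Constructed sample: headers as a reverse proxy might forward them.
SAMPLE_HEADERS = {"X-Remote-User": "jdoe", "X-Remote-Groups": "staff;themis-users"}

if __name__ == "__main__":
    good = SsoSettings("X-Remote-User", "X-Remote-Groups", "themis-users,admins", ";")
    bad = SsoSettings("X-Remote-User", "X-Remote-Groups", "themis-users,admins", ",")
    print(evaluate(SAMPLE_HEADERS, good))  # separator matches the header
    print(evaluate(SAMPLE_HEADERS, bad))   # wrong separator: the user is rejected
```

A separator that does not match the header turns the whole header value into a single unknown group, so every user is rejected, administrators included.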



For example, if a user with the jdoe login already exists in Themis (users are identified by their login) and that user signs in via your SSO with the same login (jdoe), they will arrive directly on their existing account.

If, instead, a person logs in via your SSO but does not have an account already saved in Themis, a form will appear allowing them to complete their account within Themis.

