I’m considering adding an SSO process in front of my self-hosted apps such as Nextcloud, Calibre-Web and Immich. The thing I’m thinking about, is do I need to make two accounts for each user I want to add? If I have a new user, do I need to make an account for both the SSO provider and the protected app such as Nextcloud? Or does Nextcloud (or some other app) automatically create a new account upon the first authentication with the SSO provider?
Also, which SSO provider do y’all recommend? I would like to have one with a web UI where I can manage the users :)
If the app supports SSO and allows user creation, then it’s just a matter of passing the user claims such as username or email which the app expects from your provider.
I use Authentik as my solution, which uses a GUI for user management and supports all major SSO options, from MFA, to OIDC, SAML, LDAP and more.