I continue to be blown away by the features and supporting documentation and videos. I was thinking to myself when I saw the OIDC option if it’d work with azure, then I get a recommendation from UA-cam that you’d got a video on it. And again not only helped me understand the bookstack side, but more on app registration and what data is passed. Thank you!
@@wiljotiele7565 Depends on what docker image is being used, but usually you can just define these options as env options, or edit the `.env` via volume files. I know the linuxserver image provides the `.env` file in the mounted `/config` volume for easy instant editing.
I'm currently using Azure AD SAML with Bookstack, I'd like to move over to using OIDC with Bookstack. I'm guessing it is either / or? To move over to OIDC, I'll need to update the .env file and turn off SAML and configure / enable OIDC. Does that sound mostly correct?
Yeah, that's all correct. I can't exactly remember if azure provides different user ID values between SAML and OIDC though (this can also depend on configuration since the properties used for ID in both auth options is configurable). If Azure OIDC provides the same ID values as SAML for your users, it should be pretty smooth. If not, then you may have to update the "External Authentication ID" value for users (can be done in bulk via the database or API, otherwise editable per-user in BookStack).
@@BookStackApp Thx. On Azure my intent is to just create a new Enterprise Application and build it wil OIDC instead off SAML, I won't try and update or change the existing.
after the config of OpenID Connect i lost the option to login with the default login from the admin account ? how do i make it so that i still able to login with the default admin account. because my SSO user is no admin?
You can't run email login alongside OIDC, but you can temporary change the auth method back to login via an email-based account. You could then maybe give admin privilieges to a SSO user account to allow future admin without swapping auth method.
I continue to be blown away by the features and supporting documentation and videos. I was thinking to myself when I saw the OIDC option if it’d work with azure, then I get a recommendation from UA-cam that you’d got a video on it. And again not only helped me understand the bookstack side, but more on app registration and what data is passed. Thank you!
Great to hear all the effort put into those elements is found useful! Thanks for the kind feedback!
Excellent video
Thanks!
@@BookStackApp It would be nice if these settings would be accessible through the web interface tho. Modifying them inside docker is not so easy
@@wiljotiele7565 Depends on what docker image is being used, but usually you can just define these options as env options, or edit the `.env` via volume files.
I know the linuxserver image provides the `.env` file in the mounted `/config` volume for easy instant editing.
@@BookStackApp i just figured that out from your docker / bookstack video, brilliant, thanks!
I'm currently using Azure AD SAML with Bookstack, I'd like to move over to using OIDC with Bookstack. I'm guessing it is either / or? To move over to OIDC, I'll need to update the .env file and turn off SAML and configure / enable OIDC. Does that sound mostly correct?
Yeah, that's all correct. I can't exactly remember if azure provides different user ID values between SAML and OIDC though (this can also depend on configuration since the properties used for ID in both auth options is configurable).
If Azure OIDC provides the same ID values as SAML for your users, it should be pretty smooth.
If not, then you may have to update the "External Authentication ID" value for users (can be done in bulk via the database or API, otherwise editable per-user in BookStack).
@@BookStackApp Thx. On Azure my intent is to just create a new Enterprise Application and build it wil OIDC instead off SAML, I won't try and update or change the existing.
after the config of OpenID Connect i lost the option to login with the default login from the admin account ?
how do i make it so that i still able to login with the default admin account. because my SSO user is no admin?
You can't run email login alongside OIDC, but you can temporary change the auth method back to login via an email-based account.
You could then maybe give admin privilieges to a SSO user account to allow future admin without swapping auth method.