€39 one-time · Source code included (LGPL-3) · Odoo 17, 18 & 19

SSO, MFA and SCIM for Odoo Community

Stop juggling standalone Odoo passwords and manual onboarding. This bundle brings SAML 2.0, OpenID Connect, MFA (TOTP and FIDO2 passkeys), SCIM provisioning, audit logs, active sessions and MFA coverage reports into native Odoo menus, for a single €39 one-time payment.

Get it on the Odoo App Store (€39) Try the live demo

One-time payment of €39 · Source code included (LGPL-3) · 12 months of updates

The problem: authentication gaps in Odoo Community

Plenty of teams run business-critical data in Odoo Community on local passwords, manual onboarding and offboarding, patchy second-factor coverage and almost no authentication evidence when a security review comes around.

Identities drift out of sync

A user you disabled in your identity provider can stay active in Odoo when provisioning is manual or lags behind — a classic offboarding hole.

No proof that MFA is on

Auditors and security teams want hard evidence that MFA is actually enforced — for internal reviews and frameworks like SOC 2, ISO 27001, NIS2 and PCI DSS.

A patchwork login stack

Bolting SSO, MFA, sessions and provisioning together from separate add-ons makes setup fragile and leaves the audit trail full of gaps.

What the module does

One bundle that puts the whole authentication layer inside Odoo, with every piece configured and governed straight from the backend.

SAML 2.0 service provider

Connect Odoo to Azure Entra ID, Okta, Google Workspace, ADFS, Keycloak and any other SAML 2.0 enterprise IdP so your team logs in with their existing corporate account.

OpenID Connect relying party

Modern token-based login using the authorization-code flow with PKCE, OIDC discovery, and nonce and state validation for secure identity federation.

MFA policy engine

Enforce TOTP or FIDO2 passkeys per company, group or identity provider, with a configurable grace period and the set of accepted factor types you allow.

SCIM 2.0 provisioning

Records every lifecycle operation your IdP pushes — create, update, replace, deactivate, reactivate — with the origin, target user and status, so onboarding and offboarding stay in sync.

Audit log and active sessions

An append-only trail of authentication events (method, user, IdP, result, severity, IP and failure reason) plus a live session inventory you can review and revoke on demand.

MFA coverage reports

Generates MFA coverage records that give you ready evidence for security reviews and frameworks like SOC 2, ISO 27001, NIS2, PCI DSS and GDPR Article 32.

How it works

Install the module, register your provider once, and hand Odoo logins over to your IdP. Everything is driven from native Odoo menus — no external service to host.

1

Install the bundle

Drop the module into any Odoo 17, 18 or 19 instance. It installs cleanly on Community or Enterprise using only the standard base, web and mail modules.

2

Register your IdP

Add your SAML 2.0 or OpenID Connect provider, set the per-IdP fallback mode (Allow All, SSO Only or Local Login Only) and map attributes to Odoo users and groups.

3

Enforce MFA and provisioning

Turn on MFA policies with TOTP or passkeys, wire up SCIM so accounts are created and disabled automatically, and watch logins land in the audit log with full MFA coverage reporting.

Supported identity providers

Microsoft Azure / Entra ID

SAML 2.0 and OIDC with MFA support and SCIM provisioning against Entra ID (formerly Azure AD).

Okta

Standard SAML 2.0 / OpenID Connect connection with SCIM user provisioning.

Google Workspace

SSO via SAML 2.0 / OIDC so your team signs in to Odoo with their Google account.

ADFS, Keycloak and others

Any IdP that speaks SAML 2.0 or OpenID Connect plugs into the bundle's service provider and relying party.

Requirements and honest install notes

It is built to install cleanly on any Odoo host. Two things worth knowing before you deploy it.

Odoo versions

Compatible with Odoo 17.0, 18.0 and 19.0 (Community and Enterprise), using only the standard base, web and mail modules.

Optional Python libraries

The SAML, OIDC, TOTP and FIDO2 features rely on guarded optional dependencies, so the module installs cleanly even if some are missing. Install only the ones the protocols you actually enable require.

€39 one-time, source code included

A single €39 payment under the LGPL-3 license: source code included, 12 months of updates and direct support — no subscriptions, no per-user fees. Buy it here or on the Odoo App Store and deploy it on your own Odoo Community.

View on the Odoo App Store Try the live demo

Frequently asked questions

Does it work with Odoo Community?

Yes. This bundle exists specifically to add enterprise SSO to Odoo Community 17, 18 and 19, which do not ship SAML, OIDC, MFA enforcement or SCIM out of the box. It also runs on Enterprise if you want a single source-available authentication layer.

Does it replace my identity provider?

No. It is not an IdP. Your users, groups and policies stay in Azure Entra ID, Okta, Google Workspace, ADFS or Keycloak. The module connects Odoo to that provider and enforces SSO, MFA and provisioning inside Odoo.

Can it run SAML and OpenID Connect at the same time?

Yes. It ships both a SAML 2.0 service provider and an OpenID Connect relying party, and you can keep several federations active at once with a per-IdP fallback mode (Allow All, SSO Only or Local Login Only).

How does MFA enforcement work?

You set MFA policies per company, IdP or group, with a grace period and the accepted factor types (TOTP and FIDO2 passkeys). The coverage reports then give you the evidence that the second factor is actually enforced across your users.

Will it make us compliant with SOC 2 or ISO 27001?

No single tool makes you compliant on its own. What the module gives you is authentication controls and evidence — audit logs, active sessions and MFA coverage — that support SOC 2, ISO 27001, NIS2, PCI DSS and GDPR Article 32 programmes.

What do I actually pay, and do I get the source?

A €39 one-time payment — no monthly fee, no per-user pricing. You get the full source code under LGPL-3 and 12 months of updates, and you deploy it on your own Odoo instance.