Require authentication for access to self-hosted Taiga instance

I’m looking for a way to restrict access to Taiga on a self-hosted instance until users have authenticated in the system.

My goal is to use Taiga for internal use only, within a small team, and I have no intention of allowing external access to the instance. However, I would prefer to avoid using Nginx to block access, as that would require team members to log in twice (once with Nginx and then with Taiga).

Are there any in-built tools or options available in Taiga that would allow me to achieve this without the need for Nginx? Any suggestions or recommendations would be greatly appreciated. Thank you!

Hi @hpnyaggerman, if I understand your needs properly, you may:

  • restrict which email domains can register in your taiga.self-hosted.com
  • or prevent anyone from auto-registering and allow registration only by invitation
  • and make all projects private, so an unauthenticated user that lands on your instance won’t see anything

Let me know if this helps you,
cheers, Yamila.

Is there no in-built way to redirect users to the login page until they authenticate?

hi @hpnyaggerman

I’m not sure if I understand your last question correctly. In Taiga the default behaviour is to take the user to the login page when authentication is needed. After login, Taiga redirects to the requested page.

When authentication is needed: in private projects where external users (anonymous users and not project members) don’t have permissions. By default, external users don’t have any permissions and you can create projects as private ones.

I hope this helps,
Yamila.

Hi,

I think what @hpnyaggerman meant is akin to how some other self-hosted projects work: as long as you’re not logged in, nothing will be accessible to you, not even the discover page that we have right now as a default “homepage”, and basically you’re going to be forced into the login page as long as you didn’t log in.
And I kind of hop on to suggesting that as well, if that’s possible.

Kind regards

hi @Mereck13579

The discover page is empty if you have all your projects private, and they should be private in your scenario. You cannot disable this page (it is meant for public sharing) but you can add a rule in your nginx/apache/… so the discover page has a redirection to login.

I hope this helps, cheers!

“Taiga (in its default configuration) disables both Gitlab or Github oauth buttons whenever the public registration option hasn’t been activated. To be able to use Github/Gitlab login/registration, make sure you have public registration activated on your Taiga instance.”

It would be of significant benefit to us to allow Gitlab logins without needing public registration. We want to use this as a private tool but don’t want anyone to sign up.

I found no native feature that precisely fulfilled this requirement. Seeking alternatives, I considered integrating Taiga with our LDAP server or OAuth provider to streamline user authentication. Another option under consideration involves setting up a reverse proxy with Single Sign-On (SSO), utilizing identity providers like Keycloak or Okta for a seamless user experience.