[PR #1946] [MERGED] feat: add organisation sso portal #1950

New issue

Closed

opened 2026-02-26 20:31:47 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 20:31:47 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/documenso/documenso/pull/1946
Author: @dguyen
Created: 8/7/2025
Status: ✅ Merged
Merged: 9/9/2025
Merged by: @Mythie

Base: main ← Head: feat/organisation-sso

---

📝 Commits (6)

• f1e0a87 feat: add organisation sso portal
• 226bfa1 chore: add docs
• 86fdea6 Merge branch 'main' into feat/organisation-sso
• e59195d fix: hide sso portal
• 4c21eee chore: remove logs
• 8e87675 fix: add flag restrictions

📊 Changes

56 files changed (+2921 additions, -199 deletions)

View changed files

📝 apps/documentation/pages/users/organisations/_meta.json (+2 -1)
➕ apps/documentation/pages/users/organisations/sso/_meta.json (+4 -0)
➕ apps/documentation/pages/users/organisations/sso/index.mdx (+149 -0)
➕ apps/documentation/pages/users/organisations/sso/microsoft-entra-id.mdx (+76 -0)
➕ apps/documentation/public/organisations/organisations-sso-settings.webp (+0 -0)
📝 apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx (+13 -0)
➕ apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx (+432 -0)
📝 apps/remix/app/routes/_authenticated+/settings+/security._index.tsx (+21 -0)
➕ apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx (+179 -0)
➕ apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx (+218 -0)
➕ apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx (+333 -0)
➕ apps/remix/public/static/building-2.png (+0 -0)
📝 packages/auth/client/index.ts (+36 -0)
📝 packages/auth/server/index.ts (+2 -0)
➕ packages/auth/server/lib/utils/delete-account-provider.ts (+37 -0)
➕ packages/auth/server/lib/utils/get-accounts.ts (+32 -0)
📝 packages/auth/server/lib/utils/handle-oauth-callback-url.ts (+91 -62)
➕ packages/auth/server/lib/utils/handle-oauth-organisation-callback-url.ts (+99 -0)
➕ packages/auth/server/lib/utils/organisation-portal.ts (+94 -0)
➕ packages/auth/server/routes/account.ts (+25 -0)

...and 36 more files

📄 Description

Description

Allow organisations to manage an SSO OIDC compliant portal. This method is intended to streamline the onboarding process and paves the way to allow organisations to manage their members in a more strict way.

Example:

• Organisation owner configures portal
• User signs in via the portal
• They are automatically added to the organisation

Security
Since we are offloading authentication to an unknown provider, we use additional email confirmation to determine whether the user wants to link their account to the organisation.

Images

Organisation login form

Organisation SSO form

Email

Text changes based on Link or Create flows

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/documenso/documenso/pull/1946 **Author:** [@dguyen](https://github.com/dguyen) **Created:** 8/7/2025 **Status:** ✅ Merged **Merged:** 9/9/2025 **Merged by:** [@Mythie](https://github.com/Mythie) **Base:** `main` ← **Head:** `feat/organisation-sso` --- ### 📝 Commits (6) - [`f1e0a87`](https://github.com/documenso/documenso/commit/f1e0a870476d8789731ed7b606b00e8e484dbae1) feat: add organisation sso portal - [`226bfa1`](https://github.com/documenso/documenso/commit/226bfa1a6a6f684c12d3ea4a9b32e46014e6723d) chore: add docs - [`86fdea6`](https://github.com/documenso/documenso/commit/86fdea63b626561c639849e26c728b4e097bca1a) Merge branch 'main' into feat/organisation-sso - [`e59195d`](https://github.com/documenso/documenso/commit/e59195daea3036f3e8a704f3b68b707bccce4387) fix: hide sso portal - [`4c21eee`](https://github.com/documenso/documenso/commit/4c21eeee2ffe9a0989b059d11d28526e51674acd) chore: remove logs - [`8e87675`](https://github.com/documenso/documenso/commit/8e87675e7f4d16bc674838f46667e2e16918c687) fix: add flag restrictions ### 📊 Changes **56 files changed** (+2921 additions, -199 deletions) <details> <summary>View changed files</summary> 📝 `apps/documentation/pages/users/organisations/_meta.json` (+2 -1) ➕ `apps/documentation/pages/users/organisations/sso/_meta.json` (+4 -0) ➕ `apps/documentation/pages/users/organisations/sso/index.mdx` (+149 -0) ➕ `apps/documentation/pages/users/organisations/sso/microsoft-entra-id.mdx` (+76 -0) ➕ `apps/documentation/public/organisations/organisations-sso-settings.webp` (+0 -0) 📝 `apps/remix/app/routes/_authenticated+/o.$orgUrl.settings._layout.tsx` (+13 -0) ➕ `apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx` (+432 -0) 📝 `apps/remix/app/routes/_authenticated+/settings+/security._index.tsx` (+21 -0) ➕ `apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx` (+179 -0) ➕ `apps/remix/app/routes/_unauthenticated+/o.$orgUrl.signin.tsx` (+218 -0) ➕ `apps/remix/app/routes/_unauthenticated+/organisation.sso.confirmation.$token.tsx` (+333 -0) ➕ `apps/remix/public/static/building-2.png` (+0 -0) 📝 `packages/auth/client/index.ts` (+36 -0) 📝 `packages/auth/server/index.ts` (+2 -0) ➕ `packages/auth/server/lib/utils/delete-account-provider.ts` (+37 -0) ➕ `packages/auth/server/lib/utils/get-accounts.ts` (+32 -0) 📝 `packages/auth/server/lib/utils/handle-oauth-callback-url.ts` (+91 -62) ➕ `packages/auth/server/lib/utils/handle-oauth-organisation-callback-url.ts` (+99 -0) ➕ `packages/auth/server/lib/utils/organisation-portal.ts` (+94 -0) ➕ `packages/auth/server/routes/account.ts` (+25 -0) _...and 36 more files_ </details> ### 📄 Description ## Description Allow organisations to manage an SSO OIDC compliant portal. This method is intended to streamline the onboarding process and paves the way to allow organisations to manage their members in a more strict way. **Example:** - Organisation owner configures portal - User signs in via the portal - They are automatically added to the organisation **Security** Since we are offloading authentication to an unknown provider, we use additional email confirmation to determine whether the user wants to link their account to the organisation. ## Images ### Organisation login form <img width="732" height="472" alt="image" src="https://github.com/user-attachments/assets/2899151e-6ffb-4918-b959-ab662c14002a" /> ### Organisation SSO form <img width="863" height="1007" alt="image" src="https://github.com/user-attachments/assets/9874a5b1-9edc-4d3b-8183-d63e703bc037" /> ### Email Text changes based on Link or Create flows <img width="898" height="672" alt="image" src="https://github.com/user-attachments/assets/8a047cd8-36b5-434a-9757-ec3fef32d64f" /> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 20:31:47 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 20:31:48 +03:00

[PR #1950] [MERGED] fix: translation extraction github action #1954

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

chore/translations

feat/signing-required-field-colors

feat/add-field-overflow-settings

chore/extract-translations

release

feat/public-completed-document-access

feat/bulk-download

docs/signing-reminders

feat/document-file-conversion

feat/prefetch-intent-navigation-links

fix/lint-project

fix/replace-linter-with-biome

fix/security-improvements

perf/dynamic-import-posthog

deps/vite-8

chore/migrate-eslint-prettier-to-oxlint-oxfmt

chore/migrate-to-pnpm

feat/add-pdf-image-renderer

feat/add-embed-v2

fix/extract-emails

feat/table-toolbar-filters

copilot/sub-pr-2478

fix/recipients-send-500

feat/external-2fa-codes

feat/protect-signing-urls

fix/checkbox-checked-values

duncan/legacy-api-endpoints

chore/block-po-files-locally

fix/default-embed-v2-document-rejection-to-false

fix/fields-dialog-title-description

copilot/sub-pr-2323

copilot/sub-pr-2267

exp/autoplace-fields

chore/server-hostname-config

fix/template-add-signers

fix/add-field-drag-drop-colors

fix/envelope-updates

feat/allow-formdata

archive/1.13.2

copilot/add-billing-section-account-page

fix/field-coordinate-bounds

feat/update-user-via-admin-dashboard

feat/expiry-links

feat/team-dashboard

feat/change-radio-direction

feat/admin-create-user-with-org

archive/v1.12.11

feat/envelopes-polish

feat/add-attachments-reworked

fix/font-size-fields

feat/improve-resend-dialog

fix/download-certificate-audit-log-safari

fix/duplicate-document-by-id

feat/document-table-filters

fix/template-migration

exp/effect

fix/migrate-template-metadata

exp/keyboard-signature

feat/document-2fa-redo

feat/add-attachments

feat/billing-redirect-flow

fix/add-api-logging

fix/duplicate-document-template-review

feat/handle-redirectto-param

feat/document-processing-status-indicator

feat/customize-doc-audit-log-certificate

feat/document-2fa

feat/organisations-backup-pls

feat/audit-logs-on-completed-document

chore/webhook-trigger-multiselect

exp/bg

chore/single-signer-wording

fix/template-uploading

feat/bin-tab

fix/staging-test

feat/rr7

squish/rr7

archive/nextjs

power-signer

fix/field-placements

fix/team-member-invites

fix/checkbox-field-bugs

fix/leaderboard-query

fix/zapier-list-documents-endpoint

feat/dictate-signers

feat/allow-same-signer-email-multiple-times

wip/rr7-next

experiment/self-sign

fix/oidc-login-error

feat/document-qrcode

feat/mau

feat/copy-links-audit-logs

chore/december-dep-upgrades

wip/rr7

wip/rr7-auth-package

wip/rr7-better-auth-demo

experiment/what-if-user-ids-were-strings-instead-of-numbers

fix/refactor-api-routes

feat/add-owner-completed-email-setting

fix/embed-whitelabel-colors

feat/delete-archive

fun/sign-with-nose

expiry-links

chore/openpage-viral-metrics

fix/sitemap

feat/signing-reminder

feat/automated-fields-signature

feat/add-polish-translations

staging

fix/open-page

openpage-api-deploy

feat/pulumi

chore/angular-embed-docs

exp/next-15

chore/select-signer

feat/save-data-on-blur

feat/save-recipients-on-blur

feat/signature-color

feat/team-email-template

chore/documenso-url

chore/add-ctas

fix/docker-setup-and-documentation

fix/document-creation-timezone

feat/telemetry

feat/integration-animation

fix/render-deployment

feat/publicProfile

feat/redirect-templates

feat/passkey-dialog

fix/refactor-use-template

chore/resend-onUpdate

chore/subject-onBlur

fix/demo-trpc-duration

fix/self-signer-custom-email-message

fix/benchmark

feat/add-myself-as-signer-temp

feat/checkbox-type

feat/update-marketing-header

experiment/queue

feat/error-demo

feat/add-document-auth-options

feat/document-2fa-test

chore/status-widget

open-page-restructure

feat/document-passkey-test

chore/form-reset

fix/neon-db-migration-test

feat/public-profile

feat/launch-week-content

webhooks_plus_api

exp/custom-field-labels

feat/accept-text-signature

feat/document-version-history

fix/delete-recipient-owners

fix/whitespace-title

feat/refresh

exp/million

feat/doc-comments

ElTimuro-patch-1

feat/teams-slugify

pr/537

date-format-setting

exp/millionjs

feat/runtime-env

chore/next-14

feat/chat-with-documents

feat/plan-limits

fix/467-bugsafari-only-unable-to-copy-document-sharing-link

feat/admin-ui-manage-instance

feat/stripe-free-tier

fix/cascade-delete-share-links

feat/marketing-share-document

feat/single-player-mode-polish

feat/next-13-5-3

chore/github-templates

docs/render-deploy

chore/code-of-conduct

chore/team

feat/add-e2e-testing

docs/minor-readme-updatess

docs/dx

feat-early-adopters

feat/open-early-adopters

fix/432-signee-doc-version-doesnt-have-sticky-signing-area

fix/446-cancel-cta-does-nothing-when-a-signer-opens-the-document

fix/445-signer-name-not-persisting

feat/resend-transport

fix/incorrect-completed-stats

feat/update-email-templates

feat/mania

feat/copy-or-tweet

feat/add-design-system-page

feat/single-player-mode

feat/completed-share-link

feat/designsystem

feat/send-email

feat/custom-emails

blog/upcoming-blog-post

feat/single-player-mode-test

feat/reset-password

blog/selfhosting-blog-post

feat/redirect-signed-document

fix/og-description

feat/universal-upload

chore/readme

chore/blogposts

fix/building-documenso-description

feat/admin-ui-metrics

feat/avatar-fallback

feat/templates

feat/blog-post-next

fix/hide-user-selection

feat/disable-sign

feat/marketing-mobile-nav

chore/remove-console-log-warn

feat/add-email-field

fix/redirect-signin-to-dashboard

feat/blog-og-image

feat/redirect-on-send

feat/billing-page

feat/profile-password-form

fix/signature-color-dark-mode

feat/inbox

feat/promise-safety

readme

chore/reduce-refetch-time

feat/update-document-flow

feat/refactor-shared-components

feat/feature-flag

feat/document-authoring

feat/pie-chart-legend

feat/open-page

docs/add-gitpod-setup

docs/add-render-deploy

docs-coventional-commits

feat/table-actions

minor/updates-google-auth-refresh

feat/add-document-animation

feat/new-email-template

feat/password-reset

fix/send-error-double-send

fix/improve-stripe-webhook-endpoint

feat/support-custom-cert-paths

feat/DOC-170-add-name-field

fix/improve-general-styling

feat/DOC-210-sign-dialog-broken-on-second-opening

bugfix-#71/invalid-email-hint

chore/optimise-deps

test-pr

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.1

v2.7.0

v2.6.1

v2.6.0

v2.5.1

v2.5.0

v2.4.0

v2.3.2

v2.3.1

v2.3.0

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.0

v2.0.14

v2.0.13

v2.0.12

v2.0.11

v2.0.10

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.13.2

v1.13.1

v1.13.0

v1.12.10

v1.12.9

v1.12.8

v1.12.7

v1.12.6

v1.12.5

v1.12.4

v1.12.3

v1.12.2-rc.6

v1.12.2-rc.5

v1.12.2-rc.4

v1.12.2-rc.3

v1.12.2-rc.2

v1.12.2-rc.1

v1.12.2-rc.0

v1.12.1

v1.12.0

v1.12.0-rc.8

v1.12.0-rc.7

v1.12.0-rc.6

v1.12.0-rc.5

v1.12.0-rc.4

v1.12.0-rc.3

v1.12.0-rc.2

v1.12.0-rc.1

v1.12.0-rc.0

v1.11.1

v1.11.0

v1.10.3

v1.10.2

v1.10.1

v1.10.0

v1.10.0-rc.5

v1.10.0-rc.4

v1.10.0-rc.3

v1.10.0-rc.2

v1.10.0-rc.1

v1.10.0-rc.0

v1.9.1-rc.9

v1.9.1

v1.9.1-rc.8

v1.9.1-rc.7

v1.9.1-rc.6

v1.9.1-rc.5

v1.9.1-rc.4

v1.9.1-rc.3

v1.9.1-rc.2

v1.9.1-rc.1

v1.9.1-rc.0

v1.9.0

v1.9.0-rc.12

v1.9.0-rc.11

v1.9.0-rc.10

v1.9.0-rc.9

v1.9.0-rc.8

v1.9.0-rc.7

v1.9.0-rc.6

v1.9.0-rc.5

final-marketing-release

v1.9.0-rc.4

v1.9.0-rc.3

v1.9.0-rc.2

v1.9.0-rc.1

v1.9.0-rc.0

v1.8.1

v1.8.1-rc.9

v1.8.1-rc.8

v1.8.1-rc.7

v1.8.1-rc.6

v1.8.1-rc.5

v1.8.1-rc.4

v1.8.1-rc.3

v1.8.1-rc.2

v1.8.1-rc.1

v1.8.1-rc.0

v1.8.0-rc.4

v1.8.0

v1.8.0-rc.3

v1.8.0-rc.2

v1.8.0-rc.1

v1.8.0-rc.0

v1.7.2

v1.7.2-rc.4

v1.7.2-rc.3

v1.7.2-rc.2

v1.7.2-rc.1

v1.7.2-rc.0

v1.7.1-rc.3

v1.7.1

v1.7.1-rc.2

v1.7.1-rc.1

v1.7.1-rc.0

v1.7.0

v1.7.0-rc.5

v1.7.0-rc.4

v1.7.0-rc.3

v1.7.0-rc.2

v1.7.0-rc.1

v1.7.0-rc.0

v1.6.1

v1.6.1-rc.1

v1.6.1-rc.0

v1.6.0

v1.6.0-rc.3

v1.6.0-rc.2

v1.6.0-rc.1

v1.6.0-rc.0

v1.5.6

v1.5.6-rc.4

v1.5.6-rc.3

v1.5.6-rc.2

v1.5.6-rc.1

v1.5.6-rc.0

v1.5.5-rc.8

v1.5.5

v1.5.5-rc.7

v1.5.5-rc.6

v1.5.5-rc.5

v1.5.5-rc.4

v1.5.5-rc.3

v1.5.5-rc.2

v1.5.5-rc.1

v1.5.5-rc.0

v1.5.4-rc.5

v1.5.4

v1.5.4-rc.4

v1.5.4-rc.3

v1.5.4-rc.2

v1.5.4-rc.1

v1.5.4-rc.0

v1.5.3-rc.1

v1.5.3

v1.5.3-rc.0

v1.5.2-rc.8

v1.5.2

v1.5.2-rc.7

v1.5.2-rc.6

v1.5.2-rc.5

v1.5.2-rc.4

v1.5.2-rc.3

v1.5.2-rc.2

v1.5.2-rc.1

v1.5.2-rc.0

v1.5.1

v1.5.1-rc.0

v1.5.0-rc.6

v1.5.0

v1.5.0-rc.5

v1.5.0-rc.4

v1.5.0-rc.3

v1.5.0-rc.2

v1.5.0-rc.1

v1.5.0-rc.0

v1.4.0-rc.0

v1.4.0

v1.3.2-rc.0

v1.3.1-rc.2

v1.3.1

v1.3.1-rc.1

v1.3.1-rc.0

v1.3.0-rc.2

v1.3.0

v1.3.0-rc.1

v1.3.0-rc.0

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1

v1.0

v0.9

before-prettier

0.9-developer-preview

Labels

Clear labels   

Compliance

  

Stale

  

apps: marketing

  

apps: web

  

community

  

component: api

  

component: integrations

  

component: ui

  

duplicate

  

effort: low

  

effort: medium

  

good first issue

  

hacktoberfest

  

help wanted

  

needs triage

  

needs-replication

  

needs-testing

  

on-hold

  

osshack

  

priority: high

  

priority: low

  

priority: medium

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

roadmap

  

status: assigned

  

status: blocked

  

status: in progress

  

status: triage

  

type: bug

  

type: bug

  

type: bug

  

type: documentation

  

type: enhancement

  

type: feature

  

wontfix

  

💎 Bounty

  

💰 Rewarded

  

💰 Rewarded

No labels

Compliance

Stale

apps: marketing

apps: web

community

component: api

component: integrations

component: ui

duplicate

effort: low

effort: medium

good first issue

hacktoberfest

help wanted

needs triage

needs-replication

needs-testing

on-hold

osshack

priority: high

priority: low

priority: medium

pull-request

question

roadmap

status: assigned

status: blocked

status: in progress

status: triage

type: bug

type: bug

type: bug

type: documentation

type: enhancement

type: feature

wontfix

💎 Bounty

💰 Rewarded

💰 Rewarded

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/documenso#1950

No description provided.