grommunio-auth extends the grommunio platform with centralized authentication and single sign-on capabilities. The solution is based on Keycloak and supports modern standards such as OpenID Connect, OAuth2, and SAML.

This allows existing identity and user management systems to be integrated into the groupware platform.

grommunio-auth is based on Keycloak, an open-source identity and access management platform.

Keycloak supports:

• Single Sign-On (SSO)
• Multi-Factor Authentication (MFA)
• User and role management
• OpenID Connect
• OAuth2
• SAML
• Identity federation

This makes grommunio-auth suitable for both small Linux environments and enterprise infrastructures.

Yes. grommunio-auth supports centralized single sign-on architectures via OpenID Connect and SAML.

Users can authenticate using existing enterprise accounts without managing separate credentials within the groupware platform.

Yes. The platform supports integration with existing identity and SSO environments.

Typical integrations include:

• Keycloak
• Microsoft Entra ID / Azure AD
• Authentik
• Okta
• Active Directory Federation Services
• Other OpenID Connect or SAML-compatible providers

This allows grommunio to operate as part of an existing identity strategy.

Yes. Various multi-factor authentication mechanisms can be integrated through Keycloak.

These include:

• TOTP
• Authenticator apps
• WebAuthn
• Hardware tokens
• Passwordless authentication

This enables organizations to implement centralized security policies consistently.

Yes. Keycloak supports integration with existing LDAP and Active Directory environments.

User accounts can therefore be managed centrally and used for authentication within grommunio.

Yes. OpenID Connect (OIDC) is one of the core authentication standards within grommunio-auth.

This enables modern SSO architectures for Linux, cloud, and hybrid environments.

Yes. In production SSO environments, local login can be completely disabled.

Authentication requests are then redirected directly to the centralized identity provider, creating a consistent login experience across all connected systems.

Yes. The solution is designed for production enterprise and Linux environments with centralized requirements for:

• Identity management
• Access control
• Security policies
• User management
• Multi-factor authentication
• Single sign-on

Thanks to its open-source foundation, the platform remains flexible and transparently extensible.

Yes. Especially in combination with:

• XWiki
• OpenProject
• Nextcloud
• Keycloak
• Linux infrastructures

fully integrated open-source collaboration platforms can be built.

This allows organizations to implement centralized identity and security concepts consistently across multiple systems.

Yes. grommunio-auth is fully based on open-source technologies and can be operated within an organization’s own Linux or data center infrastructures.

This allows organizations to retain control over:

• User management
• Authentication processes
• Security policies
• Data storage
• Infrastructure
• Integrations

This makes the platform especially attractive for enterprises, public authorities, and organizations focused on digital sovereignty and European open-source strategies.