Skip to Content

Flexigo 2FA SSO SAML OIDC Modern Bundle

by
Odoo
v 17.0 Third Party 5
Download for v 17.0 Deploy on Odoo.sh Live Preview
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 5739
Technical Name flexigo_2fa_sso_saml_oidc_modern_bundle_for_odoo_commun
LicenseLGPL-3
Websitehttps://flexigotech.com
Versions 17.0 18.0 19.0
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 5739
Technical Name flexigo_2fa_sso_saml_oidc_modern_bundle_for_odoo_commun
LicenseLGPL-3
Websitehttps://flexigotech.com
Versions 17.0 18.0 19.0

Odoo 19 Community authentication

Flexigo 2FA SSO SAML OIDC Modern Bundle

Bring SAML 2.0, OpenID Connect, TOTP, FIDO2 passkeys, SCIM 2.0 provisioning, audit logs, and MFA coverage reports into Odoo Community without paid license lock-in.

Odoo 19 LGPL-3 Free public module SAML + OIDC + MFA + SCIM

Flexigo 2FA SSO SAML OIDC Modern Bundle banner showing secure identity protection for Odoo

Problem: authentication gaps create risk

Odoo Community teams often run business-critical data with local passwords, manual onboarding, weak second-factor coverage, and limited authentication evidence for security reviews.

Identity drift

Users disabled in the identity provider can remain active in Odoo when provisioning is manual or delayed.

MFA evidence gaps

Security teams need clear proof of MFA enforcement for NIS2, PCI-DSS, ISO 27001, and internal audit controls.

Fragmented login stack

Separate SSO, MFA, session, and provisioning tools make configuration harder and audit trails incomplete.

Solution: one authentication bundle for Odoo

The module centralizes SAML 2.0, OpenID Connect, MFA policy enforcement, SCIM provisioning logs, active sessions, and compliance reporting in native Odoo backend menus.

SAML 2.0 service provider

Connect Azure AD, Okta, Google Workspace, ADFS, Keycloak, and compatible enterprise identity providers.

OpenID Connect relying party

Use authorization-code flow, PKCE, discovery, nonce, and state validation for modern identity federation.

MFA policy layer

Apply TOTP and FIDO2 passkey requirements by company, group, identity provider, and grace period.

SCIM 2.0 provisioning

Track user lifecycle operations from the IdP with source, operation, success state, and affected user fields.

Audit and sessions

Review authentication events, active sessions, methods, IP addresses, and security outcomes in one place.

Coverage reporting

Create MFA coverage records that support NIS2, PCI-DSS, GDPR Article 32, and ISO 27001 evidence packs.

Walkthrough video carousel

The video assets are produced downstream from the runtime screenshots. The player references all three language files with local and GitHub raw fallbacks for Apps Store delivery.

English — 2-minute walkthrough
Espanol — walkthrough de 2 minutos
Deutsch — 2-Minuten-Rundgang
2-minute walkthrough with native narration and black-text subtitles — expand the language you prefer.

Runtime screenshot gallery

Every screenshot below is a real backend capture from the seeded Odoo runtime install.

Identity Provider Connections list with five active federations (Azure Entra ID SAML 2.0, Okta SAML, Google Workspace OIDC and two demo IdPs), showing Protocol, Active, JIT and SCIM provisioning flags and the per-IdP Fallback Mode (Allow All, SSO Only, Local Login Only)
1 · Identity Provider Connections list with five active federations (Azure Entra ID SAML 2.0, Okta SAML, Google Workspace OIDC and two demo IdPs), showing Protocol, Active, JIT and SCIM provisioning flags and the per-IdP Fallback Mode (Allow All, SSO Only, Local Login Only).
MFA Policies list used to enforce a second factor per company, showing policy name, accepted factor types (TOTP and FIDO2), grace period and active state for NIS 2 and PCI-DSS multi-factor evidence
2 · MFA Policies list used to enforce a second factor per company, showing policy name, accepted factor types (TOTP and FIDO2), grace period and active state for NIS 2 and PCI-DSS multi-factor evidence.
Auth Event Log showing the append-only audit trail of authentication events with timestamp, authentication method, user, IdP connection, success flag, severity, source IP and failure reason for security reviews
3 · Auth Event Log showing the append-only audit trail of authentication events with timestamp, authentication method, user, IdP connection, success flag, severity, source IP and failure reason for security reviews.
SCIM and JIT Provisioning Log recording user lifecycle operations (create, update, replace, deactivate, reactivate) pushed by the identity provider, with timestamp, IdP connection, affected user, operation and source columns
4 · SCIM and JIT Provisioning Log recording user lifecycle operations (create, update, replace, deactivate, reactivate) pushed by the identity provider, with timestamp, IdP connection, affected user, operation and source columns.
Active Sessions inventory for session oversight, listing current SAML, OIDC, TOTP-challenge and local-password sessions with user, IdP connection, authentication method, IP address and last activity so an admin can review and revoke access
5 · Active Sessions inventory for session oversight, listing current SAML, OIDC, TOTP-challenge and local-password sessions with user, IdP connection, authentication method, IP address and last activity so an admin can review and revoke access.
Authentication Settings configuration page where an administrator tunes single sign-on behaviour, MFA enforcement scope, SCIM provisioning and audit-log retention for the whole bundle from one place
6 · Authentication Settings configuration page where an administrator tunes single sign-on behaviour, MFA enforcement scope, SCIM provisioning and audit-log retention for the whole bundle from one place.

Audience

IT managers

Reduce manual password resets, onboard users through the IdP, and keep Odoo access aligned with corporate identity policy.

Security officers

Use MFA policies, event logs, active sessions, and coverage reports to support security monitoring and audit reviews.

Odoo partners

Deliver enterprise authentication patterns for Community customers while keeping the module open and extensible.

Compatibility

Odoo versions

Designed for Odoo 19 Community and Enterprise installations using the standard base, web, and mail modules.

Optional Python libraries

SAML, OIDC, TOTP, and FIDO2 features use guarded optional dependencies so hosts can install the module cleanly.

Pricing

Free public LGPL-3 release

This module is published as a free brand-building asset. There is no Odoo Apps license price, and implementation support can be discussed through FlexigoTech services.

FAQ

Does this replace an external identity provider?

No. It connects Odoo to identity providers such as Azure AD, Okta, Google Workspace, ADFS, and Keycloak.

Can it support both SAML and OpenID Connect?

Yes. The module includes SAML 2.0 service provider flows and OpenID Connect relying party flows.

How does MFA enforcement work?

Administrators configure MFA policies by company, IdP, or group, with grace periods and accepted factor types.

Is SCIM included?

Yes. The provisioning log records SCIM and JIT lifecycle events including operation, source, affected user, and success status.

Does this guarantee legal compliance?

No software alone guarantees compliance. The module provides authentication controls and evidence that can support NIS2, PCI-DSS, GDPR Article 32, and ISO 27001 programs.

Secure Odoo Community authentication

Deploy SAML, OIDC, MFA, SCIM, and audit evidence in one Odoo-native module.

Contact FlexigoTech

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author, please use the developer contact information. They can usually be found in the description.