| Availability | Odoo Online, Odoo.sh, On Premise |
| Odoo Apps Dependencies | Discuss (mail) |
| Lines of code | 800 |
| Technical Name | gb_two_factor_sso_enforcer |
| License | OPL-1 |
| Website | https://gencbaris.com/odoo_plugins/ |
| Versions | 18.0 19.0 |
Two-Factor / SSO Enforcer
Enforce 2FA, BYOK SAML/OIDC SSO and login policy (Cyber Essentials)
Strong authentication shouldn't require an Enterprise subscription. This module adds RFC 6238 TOTP two-factor authentication, configurable login and password policy, and a Bring-Your-Own-Key registry for your own SAML / OIDC identity provider — with a full security audit log. Everything is policy, validation and TOTP logic that runs entirely inside your Odoo; transport stays with your IdP.
Key Features
- TOTP two-factor auth: Per-user secret, RFC 6238 verification, otpauth provisioning URI and single-use recovery codes — a pure-Python engine (hmac + base32) with no third-party library.
- 2FA enforcement policies: Require 2FA for chosen security groups, with an enrolment-required gate and a configurable grace period.
- Login & password policy: Minimum password length and strength score, password rotation age, max failed attempts → lockout, and an IP allow-list.
- BYOK SSO registry: Store your customer IdP's SAML metadata or OIDC discovery document, validate it, and parse it into issuer and endpoint details.
- Security audit log: Every enforcement decision — lockouts, 2FA failures, policy violations — is logged with user, login and IP for review.
- No third-party calls: The module never calls an external service on your behalf; authentication transport remains with your own identity provider.
- Cyber Essentials ready: 2FA enforcement, password complexity, account lockout and IP allow-listing map directly to common UK Cyber Essentials controls.
- No vendor lock-in: BYOK SSO means you connect your existing identity provider — no Enterprise SSO and no mandatory middleware.
Screenshots: Audit Log, Login Policies, SSO Providers
Why Choose This Module
This module is for IT and security administrators, MSPs and businesses pursuing Cyber Essentials or ISO 27001, and any organisation that needs enforced 2FA and SSO on Odoo Community.
Specifications
- Compatible: Odoo 18.0 / 19.0
- License: LGPL-3
- Languages: 35+
- Author: Baris Genc
- Dependencies: base, mail
- Support: odoo@gencbaris.com
Odoo Proprietary License v1.0
This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file).
You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one).
It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software.
The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.