-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Kolin edited this page Jun 14, 2026
·
3 revisions
The SSO Authentication plugin enables single sign-on for Jellyfin, allowing users to log in through an external identity provider (IdP) with one click. It supports both OpenID Connect (OIDC) and SAML 2.0 protocols with full role-based access control (RBAC).
recording-resized.mp4
- One-click sign-in via OpenID Connect or SAML 2.0
- Automatic user account creation from SSO credentials
- Role-based access controlw: map IdP roles to Jellyfin libraries and permissions
- Live TV access control per role
- Self-service account linking page for end users
- Avatar URL provisioning from IdP claims
- Custom username claim selection
- Fallback authentication provider support
- API-driven configuration (full REST API)
- Modern admin configuration UI with i18n support
| Protocol | Status |
|---|---|
| OpenID Connect (OIDC) | Full UI + API support |
| SAML 2.0 | API support (UI coming) |
- Jellyfin 10.8 or higher (10.11.11+ recommended)
- Authentication clients: Jellyfin Web UI or Quick Connect, native apps are not supported
- An external identity provider that supports OIDC or SAML 2.0
- Logging out of Jellyfin does not log the user out of the SSO provider
- Works only with the Jellyfin web interface, not with native apps
- Google OIDC uses numeric usernames by default
- SAML provider configuration requires the API (no UI yet)
- A Jellyfin server restart is required after any configuration change
Getting Started
Configuration
Providers
Reference
Development