🐛 Bug: Credential confirmation and password change still active with SSO enabled #10183

@bernatvadell

Description

We have deployed Huly in a corporate environment with SSO authentication via EntraID (Azure AD).
The SSO integration works correctly for login, but we’ve found issues in the Controlled Documents module and the user settings section.


1. Controlled Documents Module

When attempting to submit a document for review, the system prompts for email and password confirmation before submission.
However, with SSO enabled, users do not have a local password, which makes it impossible to proceed with this action.

The modal should:

  • Detect that the user is authenticated via SSO.
  • Skip password confirmation or use an alternative verification method (e.g., re-authentication with the SSO provider or a valid token check).

Expected behavior:
If SSO is enabled, the system should not request local credentials.
Verification should be handled by the identity provider (SSO).

2. Change Password Option

Under Settings → Change password, the option to change a local password is still displayed, even when all users authenticate exclusively via SSO.
This option should be hidden or disabled when HIDE_LOCAL_LOGIN=true, since in a full SSO environment, local password management no longer applies or makes sense.


🔍 Steps to Reproduce

  1. Deploy Huly with EntraID (SSO) integration enabled.
  2. Log in using an SSO user (no local credentials).
  3. Go to Settings → Change password and notice that the change password form is still visible.

🧩 Expected Behavior

  • When local password login is disabled:

    • The system should not request local credentials for any operation.
    • The Change password option should be hidden or disabled.
  • The system should rely entirely on the SSO authentication mechanism for revalidation.

⚙️ Environment Variables

Frontend:

HIDE_LOCAL_LOGIN=true
DISABLE_SIGNUP=true

Account service:

DISABLE_SIGNUP=true

🧠 Environment Details

  • Huly version: v0.7.266
  • Environment: Self-hosted / Corporate
  • Authentication: EntraID (Azure AD) via SSO
  • Local login: Disabled
  • Sign-up: Disabled
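
One way the "re-authentication with the SSO provider" alternative mentioned in the issue could be checked on the server, as an added example that is not part of the original issue or of Huly's code. The function name and the `pending` fields are hypothetical; `sub`, `aud`, `nonce` and `auth_time` are standard OpenID Connect ID token claims, and signature, issuer and expiry validation is assumed to have been done already by an OIDC library.

```javascript
// Added example: not Huly code. verifyStepUp and the `pending` fields are hypothetical.
// Assumes the ID token's signature, issuer and expiry were already verified by an
// OIDC library and that the identity provider includes the `auth_time` claim.
function verifyStepUp(claims, pending, nowSec = Math.floor(Date.now() / 1000)) {
  const { sessionSub, clientId, nonce, maxAgeSec, clockSkewSec = 30 } = pending;
  const fail = (reason) => ({ ok: false, reason });

  // The account that re-authenticated must be the one that is signed in.
  if (typeof claims.sub !== 'string' || claims.sub !== sessionSub) return fail('subject_mismatch');

  // `aud` may be a single string or an array of client ids.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) return fail('audience_mismatch');

  // The nonce ties the token to this one confirmation request, so an older
  // token captured from a previous login cannot be replayed.
  if (typeof nonce !== 'string' || nonce.length === 0 || claims.nonce !== nonce) {
    return fail('nonce_mismatch');
  }

  // Freshness: the user must have authenticated within maxAgeSec of now.
  if (!Number.isInteger(claims.auth_time)) return fail('auth_time_missing');
  if (claims.auth_time > nowSec + clockSkewSec) return fail('auth_time_in_future');
  if (nowSec - claims.auth_time > maxAgeSec + clockSkewSec) return fail('authentication_too_old');

  return { ok: true, reason: null };
}

// Constructed sample data (not taken from a real tenant).
const NOW = 1700000000;
const pendingConfirmation = {
  sessionSub: 'user-123', clientId: 'example-client-id',
  nonce: 'n-7f3c9a', maxAgeSec: 300,
};
const freshClaims = {
  sub: 'user-123', aud: 'example-client-id', nonce: 'n-7f3c9a', auth_time: NOW - 20,
};
const staleClaims = { ...freshClaims, auth_time: NOW - 3600 };

console.log(verifyStepUp(freshClaims, pendingConfirmation, NOW));
console.log(verifyStepUp(staleClaims, pendingConfirmation, NOW));
```
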
