Add Single Sign-on for Superset integrated with OLMIS


Potential user stories:

  • As a user I want to be able to use one set of credentials across all of the tools I need access to as an OpenLMIS user.

  • Note that if we embed portions of Superset within OpenLMIS an OpenLMIS user may not need access to them.

  • As a system administrator I want to secure my data and ensure no one has more access than they should

Tasks to break out:

  • Identify actor roles for each component of the reporting stack. Who needs what access?

  • Decide what tools we want to cover with SSO

  • At least RBAC for Superset

  • Maybe NiFi

  • Maybe RBAC for NiFi Registry, but this requires Kerberos or LDAP

  • Review existing tools

  • Review the OAuth process of OpenLMIS

  • Review Apache Ranger, since it's a common data warehouse RBAC platform

  • Review existing open source 3rd party SSO solutions

  • Compare their support for OAuth, LDAP, Kerberos, etc.

  • Decide whether we use a separate 3rd party SSO or rely on OpenLMIS for user management




Peter Lubell-Doughtie


Fix versions

Affects versions



Epic Name

Single Sign-on