Authentication Strategies Update
Dimitrie Stefanescu
September 2nd 2019 serverdev


Speckle is seeing quite a number of internal corporate deployments. One of the main requirements towards making Speckle an exciting enterprise platform is end-user authentication. Consequently, we've re-architected the authentication flows on the server to be able to leverage multiple providers.

Currently supported identity providers:

  • Azure Active Directory
  • Github
  • Auth0
  • The default email + password


Don't see yours there? Raise an issue on github and we'll look into adding an authentication strategy that suits, if possible.

Server Configuration

All the necessary information needs to be populated in the server's .env file. By default, only the standard username (email) & password strategy is enabled. All the others are opt-in, and to use them, you will first need to populate the required information for each.

For example, to enable Azure Active Directory as identity provider, first create an app registration. Then, populate your server's .env file with the following:

# Azure AD
AZUREAD_ORG_NAME="your organization name"
AZUREAD_CLIENT_ID="your application client id"
AZUREAD_IDENTITY_METADATA="your identity metadata"
AZUREAD_CLIENT_SECRET="your app's client secret"


If you want to have only this strategy enabled, make sure you disable the others. For other strategies, check the .env-base file. Here's an example of this strategy at work:


For a full changelog, make sure to check the releases page. Thanks to Antoine Dao for setting up proper semver releases!

Bonus: Password Resets

If you're using the default username + password strategy, you can now reset your password! In order for your server to support this, you will need to setup an email sending service, as described in the .env file. The public test server, hestia, already supports this.