feat: Control the allowed login methods via Super Admin (#12892)

- Control the allowed authentication methods for a chatwoot installation via super admin configs. [SAML, Google Auth etc] ------ [Codex Task](https://chatgpt.com/codex/tasks/task_e_6917d503b6e48326a261672c1de91462) --------- Co-authored-by: Pranav <pranav@chatwoot.com> Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
2025-11-17 21:55:12 -08:00
parent 5b56f64838
commit 77f492590e
14 changed files with 107 additions and 14 deletions
--- a/app/javascript/dashboard/i18n/locale/en/settings.json
+++ b/app/javascript/dashboard/i18n/locale/en/settings.json
@@ -411,6 +411,7 @@
    "TITLE": "Security",
    "DESCRIPTION": "Manage your account security settings.",
    "LINK_TEXT": "Learn more about SAML SSO",
+    "SAML_DISABLED_MESSAGE": "SAML SSO is currently disabled. Please contact your administrator to enable this feature.",
    "SAML": {
      "TITLE": "SAML SSO",
      "NOTE": "Configure SAML single sign-on for your account. Users will authenticate through your identity provider instead of using email/password.",
--- a/app/javascript/dashboard/routes/dashboard/settings/security/Index.vue
+++ b/app/javascript/dashboard/routes/dashboard/settings/security/Index.vue
@@ -10,13 +10,23 @@ import { INSTALLATION_TYPES } from 'dashboard/constants/installationTypes';
 import { FEATURE_FLAGS } from 'dashboard/featureFlags';
 const { shouldShow, shouldShowPaywall } = usePolicy();

-const shouldShowSaml = computed(() =>
-  shouldShow(
+const allowedLoginMethods = computed(
+  () => window.chatwootConfig.allowedLoginMethods || ['email']
+);
+
+const isSamlSsoEnabled = computed(() =>
+  allowedLoginMethods.value.includes('saml')
+);
+
+const shouldShowSaml = computed(() => {
+  const hasPermission = shouldShow(
    FEATURE_FLAGS.SAML,
    ['administrator'],
    [INSTALLATION_TYPES.CLOUD, INSTALLATION_TYPES.ENTERPRISE]
-  )
-);
+  );
+  return hasPermission && isSamlSsoEnabled.value;
+});
+
 const showPaywall = computed(() => shouldShowPaywall('saml'));
 </script>

@@ -36,6 +46,9 @@ const showPaywall = computed(() => shouldShowPaywall('saml'));
    <template #body>
      <SamlPaywall v-if="showPaywall" />
      <SamlSettings v-else-if="shouldShowSaml" />
+      <div v-else class="mt-6 text-sm text-slate-600">
+        {{ $t('SECURITY_SETTINGS.SAML_DISABLED_MESSAGE') }}
+      </div>
    </template>
  </SettingsLayout>
 </template>
--- a/app/javascript/v3/views/auth/signup/components/Signup/Form.vue
+++ b/app/javascript/v3/views/auth/signup/components/Signup/Form.vue
@@ -99,8 +99,14 @@ export default {
      }
      return '';
    },
+    allowedLoginMethods() {
+      return window.chatwootConfig.allowedLoginMethods || ['email'];
+    },
    showGoogleOAuth() {
-      return Boolean(window.chatwootConfig.googleOAuthClientId);
+      return (
+        this.allowedLoginMethods.includes('google_oauth') &&
+        Boolean(window.chatwootConfig.googleOAuthClientId)
+      );
    },
    isFormValid() {
      return !this.v$.$invalid && this.hasAValidCaptcha;
@@ -296,7 +302,7 @@ export default {
    </form>
    <div class="flex flex-col">
      <SimpleDivider
-        v-if="showGoogleOAuth || showSamlLogin"
+        v-if="showGoogleOAuth"
        :label="$t('COMMON.OR')"
        bg="bg-n-background"
        class="uppercase"
--- a/app/javascript/v3/views/login/Index.vue
+++ b/app/javascript/v3/views/login/Index.vue
@@ -2,7 +2,6 @@
 // utils and composables
 import { login } from '../../api/auth';
 import { mapGetters } from 'vuex';
-import { parseBoolean } from '@chatwoot/utils';
 import { useAlert } from 'dashboard/composables';
 import { required, email } from '@vuelidate/validators';
 import { useVuelidate } from '@vuelidate/core';
@@ -85,14 +84,20 @@ export default {
  },
  computed: {
    ...mapGetters({ globalConfig: 'globalConfig/get' }),
+    allowedLoginMethods() {
+      return window.chatwootConfig.allowedLoginMethods || ['email'];
+    },
    showGoogleOAuth() {
-      return Boolean(window.chatwootConfig.googleOAuthClientId);
+      return (
+        this.allowedLoginMethods.includes('google_oauth') &&
+        Boolean(window.chatwootConfig.googleOAuthClientId)
+      );
    },
    showSignupLink() {
-      return parseBoolean(window.chatwootConfig.signupEnabled);
+      return window.chatwootConfig.signupEnabled === 'true';
    },
    showSamlLogin() {
-      return this.globalConfig.isEnterprise;
+      return this.allowedLoginMethods.includes('saml');
    },
  },
  created() {