Single-Sign-On—Simplified Authentications

External login for Entra ID, Keycloak and other IdPs

The b13 Single-Sign-On solution connects TYPO3 to your organization’s external Identity Provider, allowing website users, editors, and administrators to log in using their central account. Users authenticate once via your IdP and can securely access TYPO3 without managing separate credentials.

Built on the SAML authentication standard (encrypted / signed XML exchange), the solution works with Microsoft Entra ID, Keycloak, SAP Cloud Platform Identity, and other compatible identity providers.

The Problem: Complexity and Inefficiency

Managing user access in TYPO3 can be complex and time-consuming:

  • Users need separate credentials for TYPO3 even though a central login system already exists.
  • Manual provisioning and offboarding of user accounts is time-consuming and error-prone.
  • Supporting multiple systems while maintaining TYPO3’s fine-grained permissions is difficult.

Our Solution: Single-Sign-On With an External IdP

Single Sign-On enables you to log in once via your external Identity Provider (IdP) and easily access TYPO3 and other connected systems.

Using the SAML authentication protocol, TYPO3 connects to your central identity provider such as Microsoft Entra ID, Keycloak, SAP Cloud Platform Identity, or other SAML-compatible IdPs. This allows TYPO3 to rely on centralized authentication while keeping full control over permissions inside TYPO3.

Benefits of Single-Sign-On

Access and Control Within TYPO3 

With user access managed externally, your organization’s central login credentials, controlled in your central system (IdP), can be connected to TYPO3, while fine-grained permission management remains within TYPO3.

Flexible Login and Logout Flows

In this setup, TYPO3 always acts as the Service Provider (SP) and, with the b13 Single-Sign-On solution, can process an SP-initiated login, an SP-initiated logout, or an IdP-initiated logout. 

Additional Security and Identity Features

Through the IdP, additional features can be controlled, such as Single-Sign-On for other applications, support for Multi-Factor Authentication (MFA), and simplified offboarding processes for internal users.

Proven Integrations

The b13 Single-Sign-On solution has already been successfully used with Microsoft Entra ID, Keycloak and SAP Cloud Platform Identity Authentication Service, while other SAML-compatible IdPs can also be integrated easily.

How It Works

The b13 Single-Sign-On solution is based on a TYPO3 extension and a SAML library. The application server issues a certificate and a private key that are used to sign and encrypt the XML data. The TYPO3 extension allows the login (authentication) to be configured via a YAML file or an XML file. In addition to the metadata URL, further functions can be configured.

Additional Functions

Just-in-Time Provisioning

Automatically create TYPO3 users from your Identity Provider when they log in for the first time, or restrict access to existing TYPO3 accounts only.

Separate Access for Editors and Visitors

Configure Single Sign-On for frontend users, backend editors, or both. In multisite setups, authentication can be configured per site.

Group and Attribute Mapping

Map IdP groups to TYPO3 user groups and transfer SAML attributes such as email address, country, or organizational role.

Hybrid Login Support

Use Single Sign-On alongside native TYPO3 accounts. SSO users authenticate via the IdP, while other users can still log in locally.

System Requirements

  • TYPO3 v12 LTS or v13 LTS
  • PHP 8.2+ with OpenSSL
  • SAML metadata (URL or XML)

Example configurations for local development using Keycloak and DDEV are available. Different IdPs can also be configured per development, testing, and production environment.

You receive:

  • access to a private Git repository
  • full documentation
  • onboarding call (~1 hour)
  • updates and bug fixes

Price & Availability

Single Sign-On is available starting with TYPO3 v12 and can be purchased for an annual license fee of €999 (excl. VAT). The setup and onboarding are charged as a one-time fee of €299 (excl. VAT).

Secure TYPO3 authentication today

Connect TYPO3 to your organization’s identity provider and simplify authentication for editors, administrators, and users.
