twentyhq · charlesBochet · Jan 10, 2025 · Jan 8, 2025 · Jan 8, 2025 · Jan 10, 2025
diff --git a/packages/twenty-front/src/generated/graphql.tsx b/packages/twenty-front/src/generated/graphql.tsx
@@ -178,7 +178,6 @@ export type ClientConfig = {
   defaultSubdomain?: Maybe<Scalars['String']>;
   frontDomain: Scalars['String'];
   isMultiWorkspaceEnabled: Scalars['Boolean'];
-  isSSOEnabled: Scalars['Boolean'];
   sentry: Sentry;
   signInPrefilled: Scalars['Boolean'];
   support: Support;
@@ -335,7 +334,6 @@ export enum FeatureFlagKey {
   IsJsonFilterEnabled = 'IsJsonFilterEnabled',
   IsMicrosoftSyncEnabled = 'IsMicrosoftSyncEnabled',
   IsPostgreSqlIntegrationEnabled = 'IsPostgreSQLIntegrationEnabled',
-  IsSsoEnabled = 'IsSSOEnabled',
   IsStripeIntegrationEnabled = 'IsStripeIntegrationEnabled',
   IsUniqueIndexesEnabled = 'IsUniqueIndexesEnabled',
   IsViewGroupsEnabled = 'IsViewGroupsEnabled',
@@ -2082,7 +2080,7 @@ export type UpdateBillingSubscriptionMutation = { __typename?: 'Mutation', updat
 export type GetClientConfigQueryVariables = Exact<{ [key: string]: never; }>;
 
 
-export type GetClientConfigQuery = { __typename?: 'Query', clientConfig: { __typename?: 'ClientConfig', signInPrefilled: boolean, isMultiWorkspaceEnabled: boolean, isSSOEnabled: boolean, defaultSubdomain?: string | null, frontDomain: string, debugMode: boolean, analyticsEnabled: boolean, chromeExtensionId?: string | null, canManageFeatureFlags: boolean, billing: { __typename?: 'Billing', isBillingEnabled: boolean, billingUrl?: string | null, billingFreeTrialDurationInDays?: number | null }, authProviders: { __typename?: 'AuthProviders', google: boolean, password: boolean, microsoft: boolean, sso: Array<{ __typename?: 'SSOIdentityProvider', id: string, name: string, type: IdentityProviderType, status: SsoIdentityProviderStatus, issuer: string }> }, support: { __typename?: 'Support', supportDriver: string, supportFrontChatId?: string | null }, sentry: { __typename?: 'Sentry', dsn?: string | null, environment?: string | null, release?: string | null }, captcha: { __typename?: 'Captcha', provider?: CaptchaDriverType | null, siteKey?: string | null }, api: { __typename?: 'ApiConfig', mutationMaximumAffectedRecords: number } } };
+export type GetClientConfigQuery = { __typename?: 'Query', clientConfig: { __typename?: 'ClientConfig', signInPrefilled: boolean, isMultiWorkspaceEnabled: boolean, defaultSubdomain?: string | null, frontDomain: string, debugMode: boolean, analyticsEnabled: boolean, chromeExtensionId?: string | null, canManageFeatureFlags: boolean, billing: { __typename?: 'Billing', isBillingEnabled: boolean, billingUrl?: string | null, billingFreeTrialDurationInDays?: number | null }, authProviders: { __typename?: 'AuthProviders', google: boolean, password: boolean, microsoft: boolean, sso: Array<{ __typename?: 'SSOIdentityProvider', id: string, name: string, type: IdentityProviderType, status: SsoIdentityProviderStatus, issuer: string }> }, support: { __typename?: 'Support', supportDriver: string, supportFrontChatId?: string | null }, sentry: { __typename?: 'Sentry', dsn?: string | null, environment?: string | null, release?: string | null }, captcha: { __typename?: 'Captcha', provider?: CaptchaDriverType | null, siteKey?: string | null }, api: { __typename?: 'ApiConfig', mutationMaximumAffectedRecords: number } } };
 
 export type SkipSyncEmailOnboardingStepMutationVariables = Exact<{ [key: string]: never; }>;
 
@@ -3493,7 +3491,6 @@ export const GetClientConfigDocument = gql`
     }
     signInPrefilled
     isMultiWorkspaceEnabled
-    isSSOEnabled
     defaultSubdomain
     frontDomain
     debugMode

diff --git a/packages/twenty-front/src/modules/app/components/AppRouter.tsx b/packages/twenty-front/src/modules/app/components/AppRouter.tsx
@@ -14,7 +14,6 @@ export const AppRouter = () => {
   const isCRMMigrationEnabled = useIsFeatureEnabled(
     FeatureFlagKey.IsCrmMigrationEnabled,
   );
-  const isSSOEnabled = useIsFeatureEnabled(FeatureFlagKey.IsSsoEnabled);
   const isServerlessFunctionSettingsEnabled = useIsFeatureEnabled(
     FeatureFlagKey.IsFunctionSettingsEnabled,
   );
@@ -32,7 +31,6 @@ export const AppRouter = () => {
         isBillingPageEnabled,
         isCRMMigrationEnabled,
         isServerlessFunctionSettingsEnabled,
-        isSSOEnabled,
         isAdminPageEnabled,
       )}
     />

diff --git a/packages/twenty-front/src/modules/app/components/SettingsRoutes.tsx b/packages/twenty-front/src/modules/app/components/SettingsRoutes.tsx
@@ -266,15 +266,13 @@ type SettingsRoutesProps = {
   isBillingEnabled?: boolean;
   isCRMMigrationEnabled?: boolean;
   isServerlessFunctionSettingsEnabled?: boolean;
-  isSSOEnabled?: boolean;
   isAdminPageEnabled?: boolean;
 };
 
 export const SettingsRoutes = ({
   isBillingEnabled,
   isCRMMigrationEnabled,
   isServerlessFunctionSettingsEnabled,
-  isSSOEnabled,
   isAdminPageEnabled,
 }: SettingsRoutesProps) => (
   <Suspense fallback={<SettingsSkeletonLoader />}>
@@ -391,12 +389,10 @@ export const SettingsRoutes = ({
       />
       <Route path={SettingsPath.Releases} element={<Releases />} />
       <Route path={SettingsPath.Security} element={<SettingsSecurity />} />
-      {isSSOEnabled && (
-        <Route
-          path={SettingsPath.NewSSOIdentityProvider}
-          element={<SettingsSecuritySSOIdentifyProvider />}
-        />
-      )}
+      <Route
+        path={SettingsPath.NewSSOIdentityProvider}
+        element={<SettingsSecuritySSOIdentifyProvider />}
+      />
       {isAdminPageEnabled && (
         <>
           <Route path={SettingsPath.AdminPanel} element={<SettingsAdmin />} />

diff --git a/packages/twenty-front/src/modules/app/hooks/useCreateAppRouter.tsx b/packages/twenty-front/src/modules/app/hooks/useCreateAppRouter.tsx
@@ -28,7 +28,6 @@ export const useCreateAppRouter = (
   isBillingEnabled?: boolean,
   isCRMMigrationEnabled?: boolean,
   isServerlessFunctionSettingsEnabled?: boolean,
-  isSSOEnabled?: boolean,
   isAdminPageEnabled?: boolean,
 ) =>
   createBrowserRouter(
@@ -65,7 +64,6 @@ export const useCreateAppRouter = (
                 isServerlessFunctionSettingsEnabled={
                   isServerlessFunctionSettingsEnabled
                 }
-                isSSOEnabled={isSSOEnabled}
                 isAdminPageEnabled={isAdminPageEnabled}
               />
             }

diff --git a/packages/twenty-front/src/modules/client-config/components/ClientConfigProviderEffect.tsx b/packages/twenty-front/src/modules/client-config/components/ClientConfigProviderEffect.tsx
@@ -9,7 +9,6 @@ import { isAnalyticsEnabledState } from '@/client-config/states/isAnalyticsEnabl
 import { isDebugModeState } from '@/client-config/states/isDebugModeState';
 import { isDeveloperDefaultSignInPrefilledState } from '@/client-config/states/isDeveloperDefaultSignInPrefilledState';
 import { isMultiWorkspaceEnabledState } from '@/client-config/states/isMultiWorkspaceEnabledState';
-import { isSSOEnabledState } from '@/client-config/states/isSSOEnabledState';
 import { sentryConfigState } from '@/client-config/states/sentryConfigState';
 import { supportChatState } from '@/client-config/states/supportChatState';
 import { domainConfigurationState } from '@/domain-manager/states/domainConfigurationState';
@@ -30,7 +29,6 @@ export const ClientConfigProviderEffect = () => {
   const setIsMultiWorkspaceEnabled = useSetRecoilState(
     isMultiWorkspaceEnabledState,
   );
-  const setIsSSOEnabledState = useSetRecoilState(isSSOEnabledState);
 
   const setBilling = useSetRecoilState(billingState);
   const setSupportChat = useSetRecoilState(supportChatState);
@@ -107,7 +105,6 @@ export const ClientConfigProviderEffect = () => {
 
     setChromeExtensionId(data?.clientConfig?.chromeExtensionId);
     setApiConfig(data?.clientConfig?.api);
-    setIsSSOEnabledState(data?.clientConfig?.isSSOEnabled);
     setDomainConfiguration({
       defaultSubdomain: data?.clientConfig?.defaultSubdomain,
       frontDomain: data?.clientConfig?.frontDomain,
@@ -129,7 +126,6 @@ export const ClientConfigProviderEffect = () => {
     setIsAnalyticsEnabled,
     error,
     setDomainConfiguration,
-    setIsSSOEnabledState,
     setAuthProviders,
     setCanManageFeatureFlags,
   ]);

diff --git a/packages/twenty-front/src/modules/client-config/graphql/queries/getClientConfig.ts b/packages/twenty-front/src/modules/client-config/graphql/queries/getClientConfig.ts
@@ -22,7 +22,6 @@ export const GET_CLIENT_CONFIG = gql`
       }
       signInPrefilled
       isMultiWorkspaceEnabled
-      isSSOEnabled
       defaultSubdomain
       frontDomain
       debugMode

diff --git a/packages/twenty-front/src/modules/client-config/states/isSSOEnabledState.ts b/packages/twenty-front/src/modules/client-config/states/isSSOEnabledState.ts
diff --git a/packages/twenty-front/src/pages/settings/security/SettingsSecurity.tsx b/packages/twenty-front/src/pages/settings/security/SettingsSecurity.tsx
@@ -1,17 +1,13 @@
 import styled from '@emotion/styled';
 import { H2Title, IconLock, Section, Tag } from 'twenty-ui';
 
-import { isSSOEnabledState } from '@/client-config/states/isSSOEnabledState';
 import { SettingsPageContainer } from '@/settings/components/SettingsPageContainer';
 import { SettingsReadDocumentationButton } from '@/settings/developers/components/SettingsReadDocumentationButton';
 import { SettingsSSOIdentitiesProvidersListCard } from '@/settings/security/components/SettingsSSOIdentitiesProvidersListCard';
 import { SettingsSecurityOptionsList } from '@/settings/security/components/SettingsSecurityOptionsList';
 import { getSettingsPagePath } from '@/settings/utils/getSettingsPagePath';
 import { SettingsPath } from '@/types/SettingsPath';
 import { SubMenuTopBarContainer } from '@/ui/layout/page/components/SubMenuTopBarContainer';
-import { useIsFeatureEnabled } from '@/workspace/hooks/useIsFeatureEnabled';
-import { useRecoilValue } from 'recoil';
-import { FeatureFlagKey } from '~/generated/graphql';
 
 const StyledContainer = styled.div`
   width: 100%;
@@ -29,10 +25,6 @@ const StyledSSOSection = styled(Section)`
 `;
 
 export const SettingsSecurity = () => {
-  const isSSOEnabled = useRecoilValue(isSSOEnabledState);
-  const isSSOSectionDisplay =
-    useIsFeatureEnabled(FeatureFlagKey.IsSsoEnabled) && isSSOEnabled;
-
   return (
     <SubMenuTopBarContainer
       title="Security"
@@ -47,23 +39,21 @@ export const SettingsSecurity = () => {
     >
       <SettingsPageContainer>
         <StyledMainContent>
-          {isSSOSectionDisplay && (
-            <StyledSSOSection>
-              <H2Title
-                title="SSO"
-                description="Configure an SSO connection"
-                adornment={
-                  <Tag
-                    text={'Enterprise'}
-                    color={'transparent'}
-                    Icon={IconLock}
-                    variant={'border'}
-                  />
-                }
-              />
-              <SettingsSSOIdentitiesProvidersListCard />
-            </StyledSSOSection>
-          )}
+          <StyledSSOSection>
+            <H2Title
+              title="SSO"
+              description="Configure an SSO connection"
+              adornment={
+                <Tag
+                  text={'Enterprise'}
+                  color={'transparent'}
+                  Icon={IconLock}
+                  variant={'border'}
+                />
+              }
+            />
+            <SettingsSSOIdentitiesProvidersListCard />
+          </StyledSSOSection>
           <Section>
             <StyledContainer>
               <H2Title

diff --git a/packages/twenty-front/src/testing/mock-data/config.ts b/packages/twenty-front/src/testing/mock-data/config.ts
@@ -3,7 +3,6 @@ import { CaptchaDriverType, ClientConfig } from '~/generated/graphql';
 export const mockedClientConfig: ClientConfig = {
   signInPrefilled: true,
   isMultiWorkspaceEnabled: false,
-  isSSOEnabled: false,
   authProviders: {
     google: true,
     magicLink: false,

diff --git a/packages/twenty-server/.env.example b/packages/twenty-server/.env.example
@@ -36,7 +36,6 @@ FRONT_PORT=3001
 # AUTH_GOOGLE_CLIENT_SECRET=replace_me_with_google_client_secret
 # AUTH_GOOGLE_CALLBACK_URL=http://localhost:3000/auth/google/redirect
 # AUTH_GOOGLE_APIS_CALLBACK_URL=http://localhost:3000/auth/google-apis/get-access-token
-# AUTH_SSO_ENABLED=false
 # SERVERLESS_TYPE=local
 # STORAGE_TYPE=local
 # STORAGE_LOCAL_PATH=.local-storage

diff --git a/packages/twenty-server/src/database/typeorm-seeds/core/feature-flags.ts b/packages/twenty-server/src/database/typeorm-seeds/core/feature-flags.ts
@@ -50,11 +50,6 @@ export const seedFeatureFlags = async (
         workspaceId: workspaceId,
         value: true,
       },
-      {
-        key: FeatureFlagKey.IsSSOEnabled,
-        workspaceId: workspaceId,
-        value: true,
-      },
       {
         key: FeatureFlagKey.IsGmailSendEmailScopeEnabled,
         workspaceId: workspaceId,

diff --git a/packages/twenty-server/src/engine/core-modules/client-config/client-config.entity.ts b/packages/twenty-server/src/engine/core-modules/client-config/client-config.entity.ts
@@ -65,9 +65,6 @@ export class ClientConfig {
   @Field(() => Boolean)
   isMultiWorkspaceEnabled: boolean;
 
-  @Field(() => Boolean)
-  isSSOEnabled: boolean;
-
   @Field(() => String, { nullable: true })
   defaultSubdomain: string;
 

diff --git a/packages/twenty-server/src/engine/core-modules/client-config/client-config.resolver.ts b/packages/twenty-server/src/engine/core-modules/client-config/client-config.resolver.ts
@@ -29,7 +29,6 @@ export class ClientConfigResolver {
         microsoft: this.environmentService.get('AUTH_MICROSOFT_ENABLED'),
         sso: [],
       },
-      isSSOEnabled: this.environmentService.get('AUTH_SSO_ENABLED'),
       signInPrefilled: this.environmentService.get('SIGN_IN_PREFILLED'),
       isMultiWorkspaceEnabled: this.environmentService.get(
         'IS_MULTIWORKSPACE_ENABLED',

diff --git a/packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts b/packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
@@ -24,7 +24,6 @@ import { LLMTracingDriver } from 'src/engine/core-modules/llm-tracing/interfaces
 
 import { CacheStorageType } from 'src/engine/core-modules/cache-storage/types/cache-storage-type.enum';
 import { CaptchaDriverType } from 'src/engine/core-modules/captcha/interfaces';
-import { AssertOrWarn } from 'src/engine/core-modules/environment/decorators/assert-or-warn.decorator';
 import { CastToBoolean } from 'src/engine/core-modules/environment/decorators/cast-to-boolean.decorator';
 import { CastToLogLevelArray } from 'src/engine/core-modules/environment/decorators/cast-to-log-level-array.decorator';
 import { CastToPositiveNumber } from 'src/engine/core-modules/environment/decorators/cast-to-positive-number.decorator';
@@ -232,11 +231,6 @@ export class EnvironmentVariables {
   @ValidateIf((env) => env.AUTH_GOOGLE_ENABLED)
   AUTH_GOOGLE_CALLBACK_URL: string;
 
-  @CastToBoolean()
-  @IsOptional()
-  @IsBoolean()
-  AUTH_SSO_ENABLED = false;
-
   @IsString()
   @IsOptional()
   ENTERPRISE_KEY: string;
@@ -459,16 +453,6 @@ export class EnvironmentVariables {
 
   @IsString()
   @IsOptional()
-  @AssertOrWarn(
-    (env, value) =>
-      !env.AUTH_SSO_ENABLED ||
-      (env.AUTH_SSO_ENABLED &&
-        value !== 'replace_me_with_a_random_string_session'),
-    {
-      message:
-        'SESSION_STORE_SECRET should be changed to a secure, random string.',
-    },
-  )
   SESSION_STORE_SECRET = 'replace_me_with_a_random_string_session';
 
   @CastToBoolean()

diff --git a/packages/twenty-server/src/engine/core-modules/feature-flag/enums/feature-flag-key.enum.ts b/packages/twenty-server/src/engine/core-modules/feature-flag/enums/feature-flag-key.enum.ts
@@ -7,7 +7,6 @@ export enum FeatureFlagKey {
   IsFreeAccessEnabled = 'IS_FREE_ACCESS_ENABLED',
   IsFunctionSettingsEnabled = 'IS_FUNCTION_SETTINGS_ENABLED',
   IsWorkflowEnabled = 'IS_WORKFLOW_ENABLED',
-  IsSSOEnabled = 'IS_SSO_ENABLED',
   IsGmailSendEmailScopeEnabled = 'IS_GMAIL_SEND_EMAIL_SCOPE_ENABLED',
   IsAnalyticsV2Enabled = 'IS_ANALYTICS_V2_ENABLED',
   IsUniqueIndexesEnabled = 'IS_UNIQUE_INDEXES_ENABLED',

diff --git a/packages/twenty-server/src/engine/core-modules/sso/services/sso.service.ts b/packages/twenty-server/src/engine/core-modules/sso/services/sso.service.ts
@@ -9,8 +9,6 @@ import { Repository } from 'typeorm';
 import { BillingEntitlementKey } from 'src/engine/core-modules/billing/enums/billing-entitlement-key.enum';
 import { BillingService } from 'src/engine/core-modules/billing/services/billing.service';
 import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
-import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
-import { FeatureFlagEntity } from 'src/engine/core-modules/feature-flag/feature-flag.entity';
 import {
   SSOException,
   SSOExceptionCode,
@@ -30,27 +28,13 @@ import {
 export class SSOService {
   private readonly featureLookUpKey = BillingEntitlementKey.SSO;
   constructor(
-    @InjectRepository(FeatureFlagEntity, 'core')
-    private readonly featureFlagRepository: Repository<FeatureFlagEntity>,
     @InjectRepository(WorkspaceSSOIdentityProvider, 'core')
     private readonly workspaceSSOIdentityProviderRepository: Repository<WorkspaceSSOIdentityProvider>,
     private readonly environmentService: EnvironmentService,
     private readonly billingService: BillingService,
   ) {}
 
   private async isSSOEnabled(workspaceId: string) {
-    const isSSOEnabledFeatureFlag = await this.featureFlagRepository.findOneBy({
-      workspaceId,
-      key: FeatureFlagKey.IsSSOEnabled,
-      value: true,
-    });
-
-    if (!isSSOEnabledFeatureFlag?.value) {
-      throw new SSOException(
-        `${FeatureFlagKey.IsSSOEnabled} feature flag is disabled`,
-        SSOExceptionCode.SSO_DISABLE,
-      );
-    }
     const isSSOBillingEnabled =
       await this.billingService.hasWorkspaceActiveSubscriptionOrFreeAccessOrEntitlement(
         workspaceId,
@@ -59,7 +43,7 @@ export class SSOService {
 
     if (!isSSOBillingEnabled) {
       throw new SSOException(
-        `${FeatureFlagKey.IsSSOEnabled} feature is enabled but no entitlement for this workspace`,
+        `No entitlement found for this workspace`,
         SSOExceptionCode.SSO_DISABLE,
       );
     }

diff --git a/packages/twenty-server/src/main.ts b/packages/twenty-server/src/main.ts
@@ -84,9 +84,7 @@ const bootstrap = async () => {
   generateFrontConfig();
 
   // Enable session - Today it's used only for SSO
-  if (environmentService.get('AUTH_SSO_ENABLED')) {
-    app.use(session(getSessionStorageOptions(environmentService)));
-  }
+  app.use(session(getSessionStorageOptions(environmentService)));
 
   await app.listen(environmentService.get('PORT'));
 };

diff --git a/packages/twenty-website/src/content/developers/self-hosting/setup.mdx b/packages/twenty-website/src/content/developers/self-hosting/setup.mdx
@@ -116,7 +116,6 @@ yarn command:prod cron:calendar:ongoing-stale
     ['AUTH_GOOGLE_CLIENT_SECRET', '', 'Google client secret'],
     ['AUTH_GOOGLE_CALLBACK_URL', 'https://[YourDomain]/auth/google/redirect', 'Google auth callback'],
     ['AUTH_MICROSOFT_ENABLED', 'false', 'Enable Microsoft SSO login'],
-    ['AUTH_SSO_ENABLED', 'false', 'Enable SSO with SAML or OIDC'],
     ['AUTH_MICROSOFT_CLIENT_ID', '', 'Microsoft client ID'],
     ['AUTH_MICROSOFT_TENANT_ID', '', 'Microsoft tenant ID'],
     ['AUTH_MICROSOFT_CLIENT_SECRET', '', 'Microsoft client secret'],