Google SSO with email and password

Hey, fellow devs,
Currently, our org uses the 0.36 version of Metabase, and we are planning to upgrade to the latest version but have some questions before proceeding, would really appreciate the help here.

  • Does the latest open-source version allows a user to log in via Google SSO along with email and password also?

  • How to obtain a session token while making API calls from a user, which authenticates via Google SSO? I know, using email and password I can get the "X-Metabase-Session" value but since the user is authenticated via Google Oauth, email and password is not available.

Any input would be very helpful!

Thanks in advance..
Happy coding!

  1. yes
  2. you’ll have to do the full oauth flow programmatically to get the session token

We’re planning to integrate api tokens soon

Thanks, @Luiggi for the reply.
For the first query:

I hosted Metabase in AWS using the Elastic Beanstalk template provided on the Metabase website, it is using v0.46.7 version.
However, I cannot create a new user with an email and password, only invite option is available in admin panel. Neither can I find any option to enable or disable login in via email and password as is available in the attached image.

What additional configurations are required to enable login via email n password? If a user has signed up using an invite, how can I enable login for the same user via email & password?
Do I need to configure LDAP or only Google SSO would suffice?

This is how settings page look like for open source v0.46.7:

Do you know, if attached screenshot is available in open source version or Pro/Enterprise version?

If, this is not available in open source version, what does the statement "Allows users with existing Metabase accounts to login with a Google account that matches their email address in addition to their Metabase username and password." means?

For second query:
I have received access token after success sign-in on google and using token while calling "/api/session/google_auth" but its failing with "BAD REQUEST" error with
"X-Frame-Options": "SAMEORIGIN"

How can I achieve full oauth flow programmatically?

Fellow folks are welcome to answer!

Thanks again!! :innocent:

Facing the same issue.

My Google SSO is not working, showing the following error:

because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'.....

Also couldn't see the 'enable password' option.

Any solutions/suggestions, folks?

Second screenshot is only pro/enterprise. The only way to create users is to invite them via the admin console

Try always upgrading to latest version and cleaning your frontend cache and purging your CDN