RedmineShop
Join waitlist
SSO and Access Suite for Redmine
PreviewJoin the waitlist for early access and launch pricing.
Plugin

SSO & Access Suite

Enterprise SSO (SAML 2.0, OIDC), group sync, session policy, and audit-friendly login logging for self-hosted Redmine.

Coming soon — join waitlistv0.1.0-preview
Join the waitlistView pricing tiers

Redmine compatibility

6.x5.1.x5.0.x5.x

SSO & Access Suite

Status: In development — Phase 1 (P0). The first commercial suite from RedmineShop. Brings enterprise-grade single sign-on and access governance to self-hosted Redmine without maintaining a custom fork or brittle one-off plugins.

The problem

IT teams running Redmine on their own infrastructure are asked to enforce corporate identity standards: SAML/OIDC with Okta, Microsoft Entra ID, or Google Workspace; automatic group and role mapping; and evidence for security audits. Stock Redmine authentication is username/password centric. Community plugins exist but vary in quality, Redmine version support, and long-term maintenance.

Who it is for

  • System administrators responsible for Redmine uptime, upgrades, and IdP integration
  • Security / compliance leads who need login audit trails and predictable session behavior
  • Engineering managers at 50–500 person companies standardizing tools behind corporate SSO

Capabilities

Phase 1 — v1.0 (launch target)

  • SAML 2.0 SP mode with metadata export and signed assertions
  • OpenID Connect (OAuth 2.0) with authorization code flow
  • Microsoft Entra ID and Google Workspace quick-start guides
  • JIT user provisioning on first SSO login
  • Group / role mapping rules from IdP claims (configurable mapping table)
  • Login event log: user, method, IP, timestamp, success/failure — exportable CSV
  • Admin diagnostics page: test IdP metadata, decode SAML response (sanitized), common misconfiguration hints
  • License activation, compatibility matrix, uninstall-safe migrations

Phase 2 — v1.x

  • Session policy: idle timeout, concurrent session limits, forced re-auth for sensitive actions
  • SCIM-lite user deprovisioning hooks (disable on IdP signal where supported)
  • LDAP read-only fallback mode for break-glass admin accounts
  • Multi-IdP support (e.g. staff vs contractor realms)

Phase 3 — future

  • Step-up authentication integration points for 2FA enforcement policies
  • SIEM-friendly log shipping (syslog / JSON webhook)

Compatibility

Targets Redmine 5.1.x and 6.x on Ruby 3.x. PostgreSQL and MySQL/MariaDB. Test matrix published before GA.

Planned pricing

  • Annual license: from $449/year (single production instance)
  • Enterprise Suite bundle: included in RedmineShop Enterprise Suite — see Enterprise Suite

Includes updates and async email support. No hosted SaaS — you run Redmine; we ship the plugin and documentation.

Why RedmineShop

  • Install guide written for admins, not Ruby developers
  • Compatibility matrix and changelog with every release
  • Diagnostics built in to reduce back-and-forth support tickets

Join the waitlist for early access and launch pricing.