SSO/OAuth2/SAML in Central

There is AFAIK no OAuth2/SAML support for ODK Central, but it would indeed be a nice feature.

Is there any way we can use LDAP to authenticate for ODK Central?

AFAIK, LDAP is not available either.

It seems like there is some work going on to allow OIDC provider functionality (for apps etc), but that is the reverse of what people seem to want in this thread.

The reality is that from the side of the official developers the main focus is on their SaaS ODK cloud offering and self-hosters are left a bit in the rain. The official Docker setup is also not very friendly for anything but setting up a quick test instance on a fresh VPS.

This is not true.

ODK Cloud uses the same Docker setup that self-hosters use. The only meaningful difference is that we use an external database server as documented at https://docs.getodk.org/central-install-digital-ocean/#using-a-custom-database-server.

The vast majority of the team's time is spent adding features and documentation to Central in a way that benefits self-hosters. Case in point, OAuth/SAML/SSO is something enterprise users of ODK Cloud have requested, and it would likely be more profitable for us to ship that first, but we have chosen to prioritize features that benefit more users.

I agree that the Docker setup could be improved and we have hired new team members (who are paid by ODK Cloud revenue, by the way) who have that on their todo. If there are specific things you’d like to see improved to make the Docker setup friendlier, file issues and send in PRs that fix those issues.


Well, I didn't mean it so negatively, but your strong reaction shows that there is more truth to it than you care to admit :wink:

For what it is worth: I already made some very concrete suggestions years ago on how to improve the Docker setup to be more self-hosting friendly, that were shot down as they would not allow quickly spinning up a self-contained test instance (as opposed to allowing quickly setting up a working ODK Central in an existing production environment).

But I am also currently working on a guide to set up a Docker-less ODK Central in a more production-like Debian 11 environment. I'll probably share it here in a few weeks.

That said, ODK Central is nice software, thanks for working on it :slight_smile:


Thanks, we were able to achieve authentication through customization :slight_smile:

SSO with OIDC identity providers is now available in Central! See the documentation for details. It works much like described above: Central accounts get matched to accounts on the identity provider by email. Currently, Central accounts have to exist already so they can be assigned roles/projects. Eventually we intend to make it possible to assign default roles/projects and/or specify rules for using information from the identity provider to assign roles/projects appropriately (e.g. department, region, etc).