Strapi integration

SSO, MFA and passkeys for Strapi — without the Enterprise plan

Strapi ships with basic login — but admin SSO is Enterprise-only, and MFA or passkeys aren't built in. With Tuurio ID as an external OIDC provider, you add both without the Enterprise plan.

Connect with Strapi How it works

Admin SSO

No Enterprise plan required.

MFA & passkeys

Phishing-resistant and enforceable.

External OIDC provider

EU-hosted, GDPR-compliant, works with Strapi 5.

The gap

What Strapi leaves out

Strapi includes a basic login, but single sign-on for the admin panel is reserved for the Enterprise edition, and multi-factor authentication or passkeys aren't native. Connecting Tuurio ID as an external OpenID Connect provider closes that gap — for both the admin panel and your users-permissions login — without an Enterprise contract.

Setup

Add SSO, MFA and passkeys in three steps

Configure an OIDC provider in Strapi

Set up an OIDC/OAuth2 provider in Strapi (users-permissions or admin SSO connection).

Create a Tuurio ID client

Create the client and enter the client ID/secret and redirect URI.

Enable MFA & passkeys

Turn on an MFA policy and passkeys in your tenant — it applies instantly to all Strapi logins.

What you get

Enterprise-grade identity for Strapi

Passkeys / WebAuthn

Phishing-resistant, passwordless login for editors and admins.

Enforceable MFA

Require a second factor by policy across all logins.

Central user management

One identity layer for Strapi and your other apps.

EU-hosted & GDPR

Hosted in Germany with a data-processing agreement.

FAQ

Strapi SSO & MFA — frequently asked questions

Do I need Strapi Enterprise?

No. Tuurio ID provides SSO and MFA as an external identity provider, so you get admin single sign-on without the Enterprise plan.

Does it work with Strapi 5?

Yes, via the standard OIDC/OAuth2 provider connection.

Is it GDPR-compliant?

Yes. Tuurio ID is hosted in Germany and offers a data-processing agreement under Art. 28 GDPR.