Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi! Can I use Kratos so that _only_ SSO login is allowed. I.e. user registration would be completely disabled? I’m looking for a solution which would implement user sessions with cookies and only allow OAuth2 authorization code flow based logins.

Maybe implement a hook that reject requests on `on password registration` ? <https://www.ory.sh/docs/kratos/hooks/configure-hooks#trigger-precedence>

Don't have too much experience implementing hooks so YMMV

Right, thanks for the idea :+1: . I think I’m looking for behaviour close to what the <https://github.com/oauth2-proxy/oauth2-proxy> project provides, i.e. the user could directly log in with the IDP without any separate signup/registration step.