On using password-based authentication alongside SAML2

Hello, all.

My organisation uses an on-premise installation of Sentry 9.1.1 with GSuite-backed SSO handled by the sentry-auth-saml2 plugin. Since employees’ GSuite and Sentry accounts are deleted when they leave the organisation, I was wondering if there’s a way of creating a permanent account (for creation of long-term, organisation-wide auth tokens, etc.) in Sentry and using it, without tying it to GSuite. As in, is there are way to log on to an on-premise Sentry installation using password-based authentication when the SAML2 auth plugin is enabled and active? (I’m also of the opinion that a secondary authentication mechanism would prevent GSuite SSO from being a single point of failure.)

Thank you.

I think you can just create a superuser from the command line tool and use that user as the main user?

+1 on this thread. I also need a way to allow password auth on the user who is the main user for auth token rotation. Unless I can create the auth token via the cli which would be much better :slight_smile:

I feel like this PR addresses this request: https://github.com/getsentry/sentry/pull/16247

That said it is on the backburner for now. Feel free to upvote it if it is relevant to you so we can prioritize it higher.