Handling of externally managed Users and Permissions

System Information
  • Strapi Version: 4.5.3
  • Operating System: node-alpine 18
  • Database: maria-db
  • Node Version: 18
  • NPM Version: 8
  • Yarn Version:

Hi,

I’m building an awesome CMS system but I would like the users and permissions to be managed by an external proprietary system.

I was wondering if there was a blog post / video / best practice to this?

I’m thinking I need to set up SSO, a mapping table of user roles, and a private API call to the backend system which is called periodically to retrieve user permissions and update internal user-role assignments within Strapi.

Would this be a reasonable approach?

i.e.:

  1. The user logs in via SSO

  2. I find out that “user45” has “customer-service” role assigned on the backend API.

  3. Strapi role “csuser” assigned to “user45” within Strapi.

  4. Periodic checks find that “user97” has had all roles revoked on backend API

  5. All Strapi roles are removed for “user97”

Any guidance/help would be appreciated. This feels a bit insecure and I’m wondering if there is a waaay better way to do this security-wise.
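The mapping-and-periodic-sync flow sketched in steps 1 to 5, as an added example that is not part of the original post and not Strapi's own code. It is pure logic: `ROLE_MAP`, `mapExternalRoles`, `computeRoleChanges` and the sample data are all assumed names and constructed values, and reading or writing the real Strapi user-role assignments is left to the caller. The external system is treated as the source of truth, unmapped external roles grant nothing (deny by default), and a user missing from the external snapshot loses every Strapi role, which covers the revocation case in steps 4 and 5.

```javascript
// Added example: map externally managed roles onto Strapi roles and compute the
// assign/revoke changes a periodic sync job would apply. Pure logic only; the
// caller is assumed to read and write the real Strapi user-role assignments.

// Assumed mapping table from backend role name to Strapi role name.
// Any external role absent from this table maps to nothing (deny by default).
const ROLE_MAP = Object.freeze({
  'customer-service': 'csuser',
  'admin': 'csadmin',
});

// Translate one user's external roles into the set of Strapi roles they should hold.
// hasOwnProperty guards against prototype keys (e.g. "constructor") being treated
// as valid mappings.
function mapExternalRoles(externalRoles, roleMap = ROLE_MAP) {
  const mapped = new Set();
  for (const role of externalRoles) {
    const target = Object.prototype.hasOwnProperty.call(roleMap, role) ? roleMap[role] : null;
    if (target) mapped.add(target);
  }
  return mapped;
}

// Given the external snapshot ({ user: [roles] }) and the current Strapi state
// ({ user: [roles] }), return the changes required to make Strapi match.
// Users present in Strapi but absent from the snapshot lose all roles:
// the external system is the source of truth, so revocation is automatic.
function computeRoleChanges(externalSnapshot, strapiState, roleMap = ROLE_MAP) {
  const changes = { assign: [], revoke: [] };
  const users = new Set([...Object.keys(externalSnapshot), ...Object.keys(strapiState)]);
  for (const user of users) {
    const desired = mapExternalRoles(externalSnapshot[user] || [], roleMap);
    const current = new Set(strapiState[user] || []);
    for (const role of desired) if (!current.has(role)) changes.assign.push({ user, role });
    for (const role of current) if (!desired.has(role)) changes.revoke.push({ user, role });
  }
  // Deterministic ordering makes the output easy to audit-log and to test.
  const byUserRole = (a, b) => a.user.localeCompare(b.user) || a.role.localeCompare(b.role);
  changes.assign.sort(byUserRole);
  changes.revoke.sort(byUserRole);
  return changes;
}

// Constructed sample data, not taken from any real system.
const SAMPLE_EXTERNAL = {
  user45: ['customer-service'], // step 2: should end up with Strapi role "csuser"
  user12: ['unknown-role'],     // no mapping: receives no Strapi role at all
};
const SAMPLE_STRAPI = {
  user97: ['csuser', 'csadmin'], // step 4: revoked upstream, must lose both roles
  user45: [],
};

// One sync pass over the constructed data.
function runSample() {
  return computeRoleChanges(SAMPLE_EXTERNAL, SAMPLE_STRAPI);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(runSample(), null, 2));
}
```

Because the function only computes a diff, the sync is idempotent: running it again after the changes are applied yields empty `assign` and `revoke` lists. Two practical additions when wiring this to a real backend: log every assign and revoke with the snapshot timestamp so role changes are auditable, and remember that revoking a role does not end a session that is already open, so tokens or sessions for revoked users should be invalidated as well.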