Skip to Content
GuidesAuthentication

Last Updated: 3/11/2026

LinkAce supports multi-user setups with built-in user management and optional Single Sign-On (SSO) via OAuth or OpenID Connect (OIDC).

User Management

The first user created during setup becomes an administrator with full access to system settings and user management.

Inviting Users

Admins can invite new users:

  1. Navigate to AdminUsers
  2. Click Invite User
  3. Enter the user’s email address
  4. The user receives an invitation link to create their account

User Roles

LinkAce has two roles:

  • Admin — Full access to system settings, user management, and all links (regardless of visibility)
  • Regular User — Can manage their own links and access shared content

Single Sign-On (SSO)

LinkAce supports OAuth and OIDC for enterprise authentication. Supported providers include:

  • Auth0
  • Authentik
  • Azure AD (Microsoft Entra)
  • AWS Cognito
  • FusionAuth
  • Google
  • GitHub
  • GitLab
  • Keycloak
  • Okta
  • Zitadel
  • Generic OIDC

Configuring SSO

Add the appropriate environment variables to your .env file. Example for Keycloak:

SSO_KEYCLOAK_ENABLED=true
SSO_KEYCLOAK_BASE_URL=https://keycloak.example.com
SSO_KEYCLOAK_REALM=your-realm
SSO_KEYCLOAK_CLIENT_ID=linkace-client
SSO_KEYCLOAK_CLIENT_SECRET=your-client-secret

Example for generic OIDC:

SSO_OIDC_ENABLED=true
SSO_OIDC_BASE_URL=https://your-oidc-provider.com
SSO_OIDC_CLIENT_ID=linkace-client
SSO_OIDC_CLIENT_SECRET=your-client-secret
SSO_OIDC_SCOPES=openid,profile,email
SSO_OIDC_VERIFY_JWT=true

Restart LinkAce

After adding SSO configuration:

docker compose restart

The SSO login button will appear on the login page.

SSO User Creation

When a user logs in via SSO for the first time:

  • LinkAce creates their account automatically
  • They are assigned the regular user role by default
  • Admins can promote users to admin from the user management page

Disabling Local Login

To require SSO for all users, set:

DISABLE_REGISTRATION=true

This hides the local registration form but allows admins to invite users manually.

Guest Access

LinkAce can allow unauthenticated visitors to view public links.

Enable in System SettingsGuest Access:

  • Toggle “Enable guest access”
  • Guests can view links, lists, and tags marked as public
  • They cannot add, edit, or delete content

What’s Next

  • CLI Commands: Learn maintenance commands for user management and backups
  • API: Access LinkAce programmatically with API tokens
Backups And MonitoringAPI Reference