From 561b00283cccbb8cbc27aab196af6c7491cd5c41 Mon Sep 17 00:00:00 2001
From: Ishaan Jaff <ishaanjaffer0324@gmail.com>
Date: Mon, 20 May 2024 12:54:08 -0700
Subject: [PATCH 1/2] feat - enforce sso on Admin UI

---
 litellm/proxy/proxy_server.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/litellm/proxy/proxy_server.py b/litellm/proxy/proxy_server.py
index 7e1e2646f..be638df23 100644
--- a/litellm/proxy/proxy_server.py
+++ b/litellm/proxy/proxy_server.py
@@ -8987,9 +8987,25 @@ async def google_login(request: Request):
     PROXY_BASE_URL should be the your deployed proxy endpoint, e.g. PROXY_BASE_URL="https://litellm-production-7002.up.railway.app/"
     Example:
     """
+    global premium_user
     microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)
     google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)
     generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)
+
+    ####### Check if user is a Enterprise / Premium User #######
+    if (
+        microsoft_client_id is not None
+        or google_client_id is not None
+        or generic_client_id is not None
+    ):
+        if premium_user != True:
+            raise ProxyException(
+                message="You must be a LiteLLM Enterprise user to use SSO. Meet with us to get a license: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat",
+                type="auth_error",
+                param="premium_user",
+                code=status.HTTP_403_FORBIDDEN,
+            )
+
     # get url from request
     redirect_url = os.getenv("PROXY_BASE_URL", str(request.base_url))
     ui_username = os.getenv("UI_USERNAME")

From d956020470270a6d5b40b5a3aac2ae6544b67af7 Mon Sep 17 00:00:00 2001
From: Ishaan Jaff <ishaanjaffer0324@gmail.com>
Date: Mon, 20 May 2024 13:02:56 -0700
Subject: [PATCH 2/2] fix error on enforce sso

---
 litellm/proxy/proxy_server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/litellm/proxy/proxy_server.py b/litellm/proxy/proxy_server.py
index be638df23..746563ab7 100644
--- a/litellm/proxy/proxy_server.py
+++ b/litellm/proxy/proxy_server.py
@@ -9000,7 +9000,7 @@ async def google_login(request: Request):
     ):
         if premium_user != True:
             raise ProxyException(
-                message="You must be a LiteLLM Enterprise user to use SSO. Meet with us to get a license: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat",
+                message="You must be a LiteLLM Enterprise user to use SSO. If you have a license please set `LITELLM_LICENSE` in your env. If you want to obtain a license meet with us here: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat You are seeing this error message because You set one of `MICROSOFT_CLIENT_ID`, `GOOGLE_CLIENT_ID`, or `GENERIC_CLIENT_ID` in your env. Please unset this",
                 type="auth_error",
                 param="premium_user",
                 code=status.HTTP_403_FORBIDDEN,