Adding SAML SSO as an option (but not enforced)

(Allen - Watchman Monitoring) #1

I don’t know a ton about SAML/how discourse authentication options work.

Would it be possible to add a SAML SSO option, without removing existing login options?

(It is possible to add SSO as I’ve mocked up in the orange box here)

Users approved via SSO Plugin are showing as pending
(Jeff Atwood) #2

There are topics here about it. That is an enterprise hosting option for our paid hosting plan.

(Allen - Watchman Monitoring) #3

I searched for them before posting… all the ones I see talk about forcing SSO.

(Allen - Watchman Monitoring) #4

I found one,

I don’t think it’ll talk directly to our app, which is a SAML provider of its own, and it’s also tagged with a “but if you pay more you might get it faster” clause.

I was hoping for a plugin more like

which works great from our wordpress to our app.

EDIT - Perhaps this tool, provided by Auth0, is what I’m looking for… will report back.

(Allen - Watchman Monitoring) #5

Aha! This is what I was looking for…

Now to make it work, thanks @eviltrout!

(Allen - Watchman Monitoring) #6

This plugin is working for us, :tada: thanks so much!

In our use, users who create an account based on user/pass, or login with Google, twitter, etc, still need to be validated & assigned the right Discourse Group. Users who create/authenticate via our SAML provider are automatically approved and placed in the group, so we don’t need that extra approval process.

To that end, I’ve posted a feature request… I don’t know if this is as simple as adding the skip email validation feature, or not.