I’ve set up discourse connect to authenticate users with our AD through a custom script. I have some external users who may not be in our AD but still would need access to discourse. If the SSO script fails to locate the user, is there any way to provide them with the standard login prompt?
If that is your case, then I think SSO might not be your best solution matches your case in the first place. SSO works best if all the discourse users are same or are subset of your main platform. Otherwise you might consider creating custom login provider OAuth 2.0 & OpenID Connect Support | Discourse - Civilized Discussion. So that noramally users uses your own platform and for other external users they can choose to login with email/password…etc
The first S in sso is single. If you want to let people log in multiple ways you’ll need to use oauth2 as suggested.