Any way to bulk load/create SSO users?


(Michael Downey) #1

I’ve looked around for an answer here but haven’t found anything yet, so forgive me if this is already answered somewhere.

I know that enabling SSO disables the invite system (or is supposed to, anyway).

But I’d like to pre-load in all my directory’s users and create them in Discourse without requiring them all to first authenticate/sign in via SSO first. In other words, n% of my user base have Discourse accounts because they’ve already signed in. But 100-n% don’t, so other people can’t @ mention them, thereby encouraging them to head over to Discourse to join conversations.

Any way to do this as an admin?

Update: Pre-specifying users is pretty important for me to transition one of our large mailing lists over to Discourse. I’d like to set them up with email notifications for a specific category matching their mailing list preferences used previously, to try to minimize disruption.


We can't invite users in our "invite_only" instance with local accounts disabled
(Salman, Freelance Developer) #2

How do you know those users will signup using a specific SSO provider?

Maybe they will use twitter instead of FB or just register normally or maybe never at all.


(Michael Downey) #3

Because we own the SSO service and user directory, and they already have accounts. :slight_smile:

We don’t allow any other method to sign up or sign in.


(Salman, Freelance Developer) #4

There won’t be any built-in way to do this in the admin section, this would require some custom work to mimick the sso login process. Since you own the sso service and user directory you should have all the relevant information to do this but again it isn’t just a click of a button type of thing.

How many users are we talking about?

Which auth provider are you using?

I would create a custom import script, following the logic in OmniauthCallbacksController based on the auth provider you are going to use.
Then you will have to auto approve the user and then set them up to the category etc.


(Kane York) #5

I know that you can ‘force’ them to create an account when they visit the site, by redirecting them to

https://talk.openmrs.org/session/sso?return_path=#{urlencode 'https://www.openmrs.org/original_request'}

You probably want to put that in when people signup for the first time (e.g. return path is ....org/signup/continue/after_discourse), but I’m not sure that redirecting from every page would be a good idea :-/

A ‘normal’ user import would be harder, as you need to make sure to include the SSO information.