Auto approve email domains still requires staff approval

I am using SAML for login for our internal users and enabled:

  • must approve users
  • auto approve email domains (with our domain)

When my users are trying to login, they still have to wait for approval by staff. I was not expecting this behaviour based on the wording of the settings.

As we are in the trial phase, that is not a problem but when expanding that will be an annoyance (still not a big deal, but an annoyance).
We are using 2.9.0.beta4.

4 Likes

I’ve just tried to replicate this on my test site (no SAML), and it worked as expected, which may make it an SSO thing?

  • Enabled must approve users
  • Added “jammydodger.monster” to auto approve email domains
  • Signed up new test user with email “test_fourteen@jammydodger.monster”
  • Test user received activation email, followed link, and arrived on site with no additional approval needed
    (I also tested with a gmail address as a control, and that one needed approval)
3 Likes

I’m not sure if they are related—but, I was wondering if you had these two commits on your test site:

2 Likes

My test site is currently on 17227e9e53, so should include those commits. :+1:

What version are you using @Jonathan_Poyer?

2 Likes

I’ve now upgraded to latest (I had not). I will have to wait on Monday to get someone else to test as I don’t have the hand on adding a new user.
Will keep you informed

2 Likes

@Jonathan_Poyer Can I confirm that this is not something that changed with a recent update? From my investigation, it looks like DiscourseConnect has never supported auto approve email domains which is a bug. The bug will be fixed by FIX: DiscourseConnect login did not auto approve based on email domain by tgxworld · Pull Request #17006 · discourse/discourse · GitHub

10 Likes

I have deployed the latest version available today (7da074d5). I have the following configured:

  • must_approve_users: true
  • auto approve email domains: mydomain.com
  • SAML configured

I have asked a user but I still see them as pending “Needs approval”

1 Like

I think @tgxworld’s fix was for DiscourseConnect and not SAML, which may explain why your site is still experiencing the issue. Is a fix for SAML on the cards too @tgxworld?

2 Likes