Confirm new users from Admin without using web link

BKerr · 2017-07-25 21:11:53 UTC

I would like to enable new user accounts in Discourse for some trusted users of our legacy system. I have seen the discussion below, but it doesn’t answer my question.

The screenshot for “Activate Account” in that topic (from 4 years ago) is not something I am seeing now under Users. Of the users I have uploaded, who haven’t taken the action to join, Discourse only allows me to resend the email, rather than confirm them via the Admin side. Unconfirmed users do not show up anywhere else that I can see. Am I missing something?

Why this is important: I have a subset of key stakeholders who communicate from inside secure facilities that do not allow web access. They do have email access and communicate via listserv now. But … they cannot successfully click the link sent in the emailed invitation to confirm their account. How do I enable accounts for these types of users?

codinghorror · 2017-07-26 00:29:02 UTC

That is a conundrum; we require accessing the email verify web page to confirm the email is correct and under control of the actual user.

barryvan · 2017-07-26 04:49:41 UTC

Could a workaround perhaps be to accept an emailed-in reply from that address containing a code to confirm ownership of the address?

BKerr · 2017-07-26 14:32:08 UTC

That code sounds like something Discourse would have to create and I rather doubt they’d want to devote the time. Low ROI.

One thing I’ll say is that there is a difference between Discourse wanting confirmation of address ownership, and me. I know these people. They are definitely trusted in all senses. The question is how to have Discourse understand?

Outside of another solution, I will see if I can poll users in this situation to get a headcount. I might have to reach out individually to see if they can do the 1-time confirmation at a different computer location. If that’s possible it would enable them to participate in conversations via the email function.

codinghorror · 2017-07-27 06:06:22 UTC

You can also manually activate an account by going to the Admin, Users. Search for the username and click through to find the “Activate Account” button.

This would require manual staff intervention on every account with no access to web, though.

BKerr · 2017-07-27 14:17:14 UTC

That would be awesome, and a suitable solution for me given I don’t have thousands of people in this situation. Now the “BUT” - but, I just tried it and it doesn’t work. Here’s why:

I cannot find the Admin location that appears in your screenshot. (Permissions > Active). I can only navigate to Users > Send Invites. There is no Permissions.

And at Users > Send Invites where I have uploaded email addresses for sending invitations, there is no username yet to search on. That doesn’t exist until the person confirms.

tobiaseigen · 2017-07-27 14:52:08 UTC

Hi Barbara! Do you use SSO? If so, that option probably would not show up there.

I use SSO on my site, and it’s wordpress that sends the email verification not discourse. I use mandrill as my smtp provider and when I am faced by these situations, I can go in there to find the message and click on the link (using a private web browser) on their behalf. It’s a clunky hack but it works… and even if you don’t use SSO you could use this method to verify the email address on behalf of your users who have no web access.

BKerr · 2017-07-27 14:57:44 UTC

Hi Tobias,

Right now its just Discourse because I am in the final phase of testing. We want to go ahead and migrate users, but this is a barrier I have to solve before we proceed. Everything is a bit clunky in some way. I am willing to do manual changes inside Discourse, or elsewhere if necessary, because it’s a minority of users. But they are very important users - key stakeholders.

codinghorror · 2017-07-27 20:54:09 UTC

Yes, the account needs to exist first – there are generally two steps here

user signs up for an account via “create account” button
user account is created and awaits email validation

You should be able to create the account on their behalf – I’d avoid sending an invite in this scenario and pretend you are that user, signing up on the website. Once you’ve signed up as that user, a validation email will be sent to their email address, which won’t work since that user has no access to the public internet. However, you, as an admin, can then visit their user account – which definitely will exist since you just created it – and manually press the activate button.

So, in this specific case of a user having zero public (or private?) internet access to validate the link they were mailed, only email access, staff will need to avoid invitations and create the user account on their behalf via the signup button, then go into the admin section and manually validate them.