The external_id
that is passed from the SSO provider is expected to never change. If it’s possible, you should avoid changing your user’s external_id
values.
As long as you are not setting the SSO parameter require_activation
to true
, you can delete all SSO records as Jay mentioned. To do this, enter your site’s console and run:
SingleSignOnRecord.destroy_all
Before doing this, you need to be sure that you are not setting require_activation
to true
in the SSO payload. If this parameter is being set, users will not be found based on their email address the next time they login to the site. Instead of that happening, they will get an error when they try to login.
If the require_activation
parameter is not being set to true
, users will be found based on their email address the next time they login to Discourse. A new SSO record will be created for them at this time. If any user’s email addresses are out of sync between your SSO provider site and Discourse, they will run into issues the next time they login to Discourse. You can find some details about fixing those issues here: Debug and fixing common DiscourseConnect issues.
If you are going to run the command I posted above, be sure to create a backup of your site’s database before running the command. If anything goes wrong, you can restore the backup file.