Disabling SSO and allowing sign up to forum for anyone

Hi,

Our client currently is using the plugin with SSO enabled and their WordPress site controls the users. We have added some custom work to adjust user trust levels in Discourse to distinguish between members and non-members (MemberPress is being used) but apart from that everything is out of the box.

My query is this: if the client now wishes to make the forum public (anyone can access regardless of whether they are a user/member on the WordPress install) but still wishes WordPress users to automatically be signed up to the forum is it safe to imply disable SSO? What are the implications of this? I’m expecting users will need to run through a password reset or similar on the Discourse side?

Any information would be greatly appreciated!
Thanks in advance,
Joey

You can disable sso and users will have to generate passwords with the forgot password feature. And WordPress users will no longer be automatically logged in.

2 Likes

@pfaffman thanks for the quick reply. So really there are 2 choices here:

  • Keep SSO enabled and ALL users must login through WordPress
  • Disable SSO and lose functionality for users being auto-logged in when accessing forum from WordPress BUT enable public access to forum

I assume a middle ground where users are auto-logged in from WordPress and still allowing public would require a custom plugin on the WordPress side?

Is there anything in place, for instance, where we can append some parameters to a query string on the forum URL to auto login users from WordPress (we already have users being created in Discourse automatically when a user is created in WordPress). I’m just thinking of the easiest way to enable auto-login without SSO.
Cheers!

That’s right. Another middle ground might be to get wordpress to behave like a social login.

You can make discourse public in the sense that login is not required to see discourse, But logins will still go through WordPress.