Google Auth to only invited users


(Steve Larsen) #1

We want to have the only way to log in be via Google Auth, but we also need to not allow anyone in our domain to get access. We need to add their email and the permissions they need, and then they can log in using Google Auth. What we are finding now is that if I am added as a user, I must register with a password first, which is what we don't want; just Google Auth.

We whitelisted domains that are allowed for the system, but not all users in those domains are meant to have Discourse access.


(Jeff Atwood) #2

How do you see this working? How big is the list of allowed email addresses and how often does it change?


(Steve Larsen) #3

Admin adds user to the accounts list with a corporate email and given appropriate permissions.
User then attempts to sign in using Google. Their email matches one that exists on accounts. User logs in successfully. Else, user email does not match and user is not allowed to log in.

Even better is to have a SAML integration. Slack has a great G Suite integration for example with JIT provisioning. G Suite single sign-on – Slack Help Center
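
The invite-only flow described in post #3, as an added example that is not part of the thread and is not Discourse code. The names `INVITED`, `ALLOWED_DOMAINS` and `authorize_google_login` are hypothetical, the data is constructed, and the claims hash is assumed to come from a Google ID token whose signature, issuer, audience and expiry were already verified by the OIDC library in use.

```ruby
require "set"

# Hypothetical invite list maintained by an admin: email => permissions.
# Constructed sample data; keys are stored lowercase.
INVITED = {
  "alice@example.com" => [:member],
  "bob@example.com"   => [:member, :moderator],
}.freeze

# Hypothetical set of whitelisted Google Workspace domains.
ALLOWED_DOMAINS = Set["example.com"].freeze

# Compare emails case-insensitively and ignore surrounding whitespace.
def normalize_email(email)
  email.to_s.strip.downcase
end

# claims: payload of an already-verified Google ID token (assumption).
# Returns [:allow, permissions] or [:deny, reason].
def authorize_google_login(claims, invited: INVITED, domains: ALLOWED_DOMAINS)
  email = normalize_email(claims["email"])
  return [:deny, :missing_email] if email.empty?

  # An address Google has not verified proves nothing about its owner.
  return [:deny, :email_not_verified] unless claims["email_verified"] == true

  # "hd" is the hosted-domain claim; it is absent for consumer accounts.
  hd = claims["hd"].to_s.downcase
  return [:deny, :domain_not_allowed] unless domains.include?(hd)

  # Domain membership alone is not enough: the address must be invited.
  perms = invited[email]
  return [:deny, :not_invited] if perms.nil?

  # No local password step: a matching invite is the only requirement.
  [:allow, perms]
end
```

The deny reasons are kept distinct so that rejected sign-ins can be logged and reviewed separately from successful ones.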


(Steve Larsen) #4

Support for SCIM alongside that would be great
https://tools.ietf.org/html/rfc7643