We’ve recently switched to SSO and we’ve quickly discovered that accounts we’ve suspended are finding ways to regenerate their About Me text (we manually remove it) by logging in to the parent site.
The parent site, sends over Email, About Me, and maybe website to Discourse via SSO. What we’d like to do is hide the about me text from all users when the account is suspended. It is already hidden from user cards, but making it hidden on the Profile would be ideal for us too.
There are two things I could see being done here.
- SSO stops sending the about me data for suspended users
- But how does SSO know the user is suspended?
- SSO doesn’t permit updating the profile text when the user is suspended
- Doesn’t benefit non-SSO sites
- When the user is suspended, hide the About Me text from everyone (except staff?)
Are there any other possibilities I haven’t thought about? And would any of the above (minus #1 obviously) be permitted as #pr-welcome?