How to disable password auth once user is created (SSO only)?

(Aahan Krish) #1

Let's say I just installed Discourse. The first admin user I create will have to register with a password. Once registered and in, I enable SSO (e.g. Google), then log out and sign in using my Google account.

For future logins:

  1. I want the user to be able to sign in only via SSO and his password should be removed such that he had never logged in with a password (i.e. like a new user who registered via SSO).

  2. But the user can use the “Forgot password” feature to create a password login again.

Is this possible? If so, how do I go about doing this?

As of now, I am creating a new user via SSO, turning him into admin, and deleting the password authenticated old admin user. I don’t like this, unless this is the only safe way to do it.

(Kane York) #2

Disable this setting:

(Aahan Krish) #3

I considered that. But I want to disable password authentication only for the admin user, not all. :worried:

(Kane York) #4

Well, then generate a long password, maybe 50 characters long, then set it and forget it?

That would effectively be the same thing - nobody’s ever going to guess what it was.

(Aahan Krish) #5

Yep, considered that too. And then I thought I had a better idea, and this is what I am doing now:

  1. Configure app.yml with 2 admin emails at the time of site creation (or rebuild it later, maybe):

  2. Register like you suggested, i.e. with a long password (I generally go with 63 chars).

  3. Enable Google/Yahoo/Facebook/Twitter/GitHub authentication.

  4. Login as using one of them.

  5. Delete’s account.

Probably too much, but I feel safer without a password, especially for the admin user.

(Kane York) #6

Warning - if anyone ever figured out what is, and they somehow get access to that email to complete registration, they will have admin access on your Discourse! Safer to remove it from app.yml.

(Aahan Krish) #7

Ah, you’re right. So, all I have to do is remove the email from app.yml and run this command:

~$ cd /var/docker
~$ ./launcher rebuild app