I lost my admin rights due to misconfigured SSO

Hello,
I gave a user admin privileges with rake admin:create, but when he logs out of Discourse he loses his admin privileges?

2 Likes

That sounds wrong; using rake admin:create to grant privileges should be permanent. Are you sure they were not an admin after logging in?

4 Likes

I checked my privileges; after logging in they are reset to normal user.

When running the rake admin:create task, the user you create should be granted admin status if you enter Y to the “Do you want to grant Admin privileges to this account?” question.

One thing that could cause the user to lose admin status after logging back in would be if they are logging in via SSO and you are passing the admin SSO parameter with its value set to false.

8 Likes

Thank you, I checked and we are using SSO authentication.

I’ve been having this problem as well with my SSO. Is the only way around this for the SSO to have an option for the user to be an admin so this parameter gets passed on correctly? I’m using Memberful so I can put in a request with them, just curious if that’s the best answer.

Yup! That sounds about right, see:

1 Like

The admin parameter is not required in the SSO payload, but if it is set it will cause the user to lose or gain admin status. From what I remember, Memberful passes the admin SSO parameter. You can probably set a user’s admin status through the Memberful UI. If you cannot find where to do that you should contact Memberful.

3 Likes
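
Added example, not part of the thread and not Discourse's or Memberful's code: a small Ruby audit that verifies a signed SSO payload and reports whether it would leave, grant or revoke staff roles at login, which is how you can confirm what your provider is sending. It assumes the DiscourseConnect payload format (a Base64-encoded query string signed with HMAC-SHA256 of the shared secret) and that moderator behaves like admin; the secret, sample user, helper names and the :unrecognized category are constructed for illustration.

```ruby
require "openssl"
require "base64"
require "uri"

# Constructed sample secret, not a real one.
SAMPLE_SECRET = "constructed-sample-secret"

# Sign a payload the way an SSO provider would (used here to make sample input).
def build_sso(params, secret)
  sso = Base64.strict_encode64(URI.encode_www_form(params))
  { sso: sso, sig: OpenSSL::HMAC.hexdigest("SHA256", secret, sso) }
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Map a role parameter to its effect at login, as the thread describes for
# admin: absent leaves the role alone, "true" grants it, "false" removes it.
def role_effect(value)
  case value
  when nil     then :unchanged
  when "true"  then :granted
  when "false" then :revoked
  else :unrecognized # illustrative category for any other value
  end
end

# Verify the signature, then report what the payload does to staff roles.
def audit_sso(sso, sig, secret)
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, sso)
  return { valid: false } unless secure_equal?(expected, sig)
  fields = URI.decode_www_form(Base64.decode64(sso)).to_h
  { valid: true,
    admin: role_effect(fields["admin"]),
    moderator: role_effect(fields["moderator"]) }
end

if __FILE__ == $PROGRAM_NAME
  user = { "nonce" => "constructed-nonce", "external_id" => "42",
           "email" => "user@example.com" }
  [user, user.merge("admin" => "false")].each do |params|
    signed = build_sso(params, SAMPLE_SECRET)
    p audit_sso(signed[:sso], signed[:sig], SAMPLE_SECRET)
  end
end
```

A payload that reports admin as :revoked for an account you promoted with rake admin:create is the situation described in this thread; the fix is on the provider side, either omitting the parameter or sending true for that user.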