Is "partial" SSO possible?

I’m not a developer, so I don’t even know what to search to find the answer to my question. I’m currently trialing Discourse right now and how users log in have been on my mind a lot.

At the start of my trial I was convinced SSO was the way I would go once my trial was over, but now I’m not so sure. It seems like I’d lose some nice Discourse features if I enabled SSO (like the invite features) and I don’t know if there advantage in my case is worth it.

Is it possible to have my forum use both the built in Discourse accounts AND my site’s account? Similar to how you can set up “or Log in with Facebook/Google/Apple” options?

You know how when a user tries to log in/create an account they’re presented with the email/password fields, but on the right of that it gives them options to log in with Facebook, Google, etc? Could I simply have my site’s account be one of these options on the right?

So if a user just wants to use my main site’s login and not create a new account specifically for the forum they could, but they wouldn’t be required for it.

Is this possible? And is this advisable? As in, are there any reasons why I shouldn’t go this route? Thanks!

It depends on what you mean by “SSO”:

  • If you’re talking about DiscourseConnect - Official Single-Sign-On for Discourse (sso), then you cannot use it alongside other login options.

  • If you’re talking about OAuth2, OpenID Connect, or any of our other authentication plugins, then yes they can be used alongside each other, and alongside email/password login.

Good news on that front - we’ve recently added invite support for DiscourseConnect

And for other login methods:

These changes are live in the latest version of Discourse


You can do that by implementing oauth2 on your server so that it could function like Google and github and friends. (Or having someone do that, since you’re not a developer.)


Thanks! Could you link me to documentation about that please?

Those two plugins can be found at:


I am excited to see the compatibility feature between SSO and invites but it does not seem to work on my end.

My main site is on WordPress and I am using the WP Discourse plugin to integrate the two applications. I also have a registration form that conducts email authentication on WordPress and I have written custom code to prevent Discourse from sending duplicate verification emails to users on registration. I have enabled must_approve_users in discourse to prevent anyone for accessing the community without approval.

I followed the following steps and user was not approved in the end. Just like before.

  1. Invite user with the email address
  2. User opens the email invite and click on the link
  3. User is directed to the discourse logged out page with a welcome message and CTA to continue
  4. Clicking on the CTA takes the user to the login page on WordPress
  5. As the user is not registered on WordPress, I had to create a new account for the user - which I think makes sense since WordPress does not know that Discourse invited this user.
  6. After registration, I receive a confirmation email from WordPress. I click on that email and I am directed to the login page in WordPress.
  7. After logging in WordPress, I try to the community but I cannot.
  8. I go to the admin account and check the status of the user and as I suspected, it is Needs approval. This is exactly the same situation I had before sending an invite.

What am I missing here? Is there some other flow I need to follow? Can I only invite users that are already registered on WordPress? Looking for some guidance here. Thank you.

My Discourse Version: 2.8.0.beta1