Hi all,
This might be a slightly random question, but I’m trying to mitigate any possible issues migrating from Salesforce to Discourse. We will be trying to get our SSO enabled, however due to time constraints we’re looking at all possibilities, including what would happen if we were to migrate without SSO. Apart from users having to set-up a password on initial log in, is there any other issues that we might come across down the line? Has anyone had any experience with this?
Many thanks!
Based on another topic you started, I am assuming you are using OAuth2 for SSO.
If you allow users to register accounts directly on Discourse with a username/password and then enable OAuth2 at a later time, the only issue you need to be concerned with is having Discourse match accounts that were created with a username/password if the same account logs into Discourse via OAuth2 when it’s been enabled.
Discourse can match accounts registered with a username/password to OAuth2 logins if the email address that’s supplied by the OAuth2 provider matches the email address that was supplied when the user first registered on the site. The easiest way to get this to work is to enable the oauth2 email verified site setting on Discourse. Note that this should only be done if the OAuth2 provider is actually verifying email addresses when users first setup their account.
There can be cases where a user will signup with a different email address on Discourse than the address they have used on the auth provider. This will result in the user having two Discourse accounts. This issue can be resolved on a per-user basis by having a site admin merge the account that was created with a username/password into the account that was created when the user logged in with OAuth2.