At my company, we use SSO to allow students to sign in to our help forums using the email they provided when signing up for our service. This works fine unless we have siblings sign up with the same email address. When this happens, it seems like there’s one account tied to the email address (maybe the first student that logged in?) that both students share. I usually can fix this issue by requesting unique email addresses for each student and changing the email addresses we have on file in our company’s DB. I tried this recently, but it seems like the data associated with the original email address does not belong to the email address but rather is scoped to the username. Is this the intended behavior? Did something change with a recent update (we’re on 2.9.0beta9)?
For a concrete example, consider this:
Two users, Jenny and Tommy, sign up for our company's service
Their parents use the email address bar@gmail.com when registering
User Jenny signs on to the forum with SSO with an email address
of bar@gmail.com
User Tommy signs on to the forum with SSO with an email address
of bar@gmail.com
Tommy is really active, but Jenny is not. Whenever Tommy logs on,
Tommy sees the username Jenny though, because they share the
same email address.
Admin is alerted of the issue and does the following:
- Logs Jenny/Tommy out
- Changes Jenny's email address to baz@gmail.com in our
company DB
- Logs in as Tommy
- Confirms Tommy "owns" the bar@gmail.com address
- Logs in as Jenny
- Confirms Jenny "owns" the baz@gmail.com email address
Admin notices that even though Tommy "owns" the bar@gmail.com
address, the data associated with that address is still scoped to
Jenny's username.
I’d love to have a way to make the user data “owned” by the email address, not the username; that way I can easily transfer user data between users based on the email address. If this is not possible, no worries. I thought it was possible before, but I may be mistaken.