Recommended process for disabling SSO (Single-Sign-On)

So you’ve been using Discourse SSO on your forum, and now you want to turn it off? Then this guide is for you!

Discourse uses email addresses as the primary identifier for a user. Once SSO is disabled, users will need to go through the password reset process to reset (create) a password.

:warning: This guide assumes your SSO provider shared real user email addresses with Discourse. If SSO provided .invalid emails or other emails that the user would not know, this guide will not work.

  1. Decide on a time to make this change (removing SSO).
  2. Alert your community of the upcoming login change, and inform them of the planned change time. There will not be any downtime or read-only mode time required, but registration/login may be impacted during the switch.
    How you alert your community is up to you and your team, but my suggestion would be either a globally pinned topic or a banner topic.
  3. Prior to the change, configure any social providers you want to work. Complete all required steps except for the “enable xyz logins” site setting within Discourse. You want everything ready to go, but not enabled yet.
    Configuring Google login for Discourse
    Configuring Facebook login for Discourse
    Configuring Twitter login (and rich embeds) for Discourse
    Configuring GitHub login for Discourse
  4. When you’re ready to go, uncheck the enable sso site setting, check enable local logins, and check enable xyz logins for any social provider you configured.
  5. Be sure to test all the login options you enabled and make sure they work.

You’ll likely also want to create a topic/guide explaining to users how to log in given the changes. This may be the same topic as the “upcoming login change”, or something else. Users who choose to login with a social provider should “just work” as long as they use the same email for the social provider as they did for SSO. Users who would rather use a username and password will need to go through the “I forgot my password” process to create a password.

10 Likes