Restrict logins via OIDC to specific roles

Hi
I’ve connected my Discourse instance to our identity provider, SAP CDC, using the OIDC plugin.
This works in the sense that users can log in via their SAP CDC accounts and register on Discourse.
I want to be able to restrict the ability to get to Discourse to a subset of the users in SAP CDC. These are defined by roles passed through in the JWT - can someone help me with how to configure Discourse to reject users who don’t have the specific roles?

Ian

I don’t know if you can do that without a plugin (but I might not know). If you’re self-hosted and don’t mind adding a custom plugin, it shouldn’t be but a couple hours of time (for someone who regularly writes such plugins) to reject the users you don’t want.

One solution would be to allow them to log in but put everything in categories accessible only to groups that are defined by those roles. It should be easy enough to find info on how to have those roles define groups in Discourse (but I’ve not done it).

Thanks for replying - we’re trying to avoid customisation.