SAML (OneLogin) and disabling all other methods of sign-in


#1

We use OneLogin and are setting up a private Discourse instance for our org. Is there a way to use discourse-saml and simultaneously disable all other methods of account creation/login?

The current idea is:

  • Enable SAML
  • Enable restricted sign up domain to our org
  • Remove “Create Account” button with CSS

This is pretty hacky, though. Is there any better solution?


(Jeff Atwood) #3

If you want to disable new account creation, you can do so in the site settings.

In general SAML is a form of single sign on, so other forms of login are disabled by default.


#4

The discourse-saml plugin doesn’t seem to have this effect…


(Bhanu Sharma) #5

Pardon me, Link to the plugin please?


#6

Added link to previous post.


(Bhanu Sharma) #7

That’s exactly what I’m thinking! The plugin is Called Discourse SAML not Discord SAML.

Also, I’m using that plugin for one of our internal forum with Login Required and Local Login disabled. Works fine so far.


#8

Typo sorry.

Will try disabling local login.


(Bhanu Sharma) #9

Test that SAML logins work fine for you before disabling local logins or you’d be locked out of your own site with recovery needing additional steps.


#10

It does work, we have been using it already. Thanks for the tip :slight_smile:

Really, the preferred method would be to allow local login, but disable password creation by users themselves. Admins could create passwords for local login, but not regular users.