Seeking Guidance: Dual Authentication Setup for Moderators and Students

Hello Discourse Support Community,

I hope this message finds you well. We’re currently in the process of refining our authentication workflow on Discourse and would appreciate your insights on a specific use case.

Our goal is to have moderators log in using traditional username/password credentials, while students should exclusively use Single Sign-On (SSO) via Discourse Connect. We’ve already configured Discourse Connect successfully for SSO, but we’re seeking advice on how to implement and manage this dual authentication setup.

Here are some specific questions we have:

1. Enabling Dual Authentication:

• Is it possible to allow traditional username/password login for certain user groups (like moderators) while having SSO for others?

2. Managing Moderator Access:

• How can we manually create and manage moderator accounts with unique credentials separate from the SSO system?

3. Communication with Users:

• Are there best practices for communicating login instructions to moderators to ensure a smooth onboarding process?

Any guidance, best practices, or examples from the community would be highly appreciated. We value your expertise and look forward to your insights.

Thank you in advance for your support!

If you use discourse connect then it’s the sole authentication provider. You’ll need for your moderators to have accounts on the authentication server that the students use. Admins can use /u/admin-login but I don’t think that works for moderators.

If you use OAuth2 you can have multiple authentication providers.

Will the invite feature work for them?

No. Invites don’t work with sso

The easiest approach would be to have moderators log in via the same SSO provider site as students are using. Is there something that prevents you from configuring things in that way? I’m guessing that it’s not possible for moderators to create accounts on the SSO provider site, but maybe that’s not the case.