Single-Sign-On for Discourse: groups


(karl) #1

I have a membership database via Drupal and want to use it for logging in to a Discourse implementation. I see that this is possible via Official Single-Sign-On for Discourse (sso), but that there needs to be some code written on the Drupal side.

What I would like is for some members to be the only ones to have access to certain categories. That is, some executive members would have access to a private category.

This would be set up by use of a special ‘executive’ group.

My question is: can single-sign-on be implemented so that it enquires for executive-ness of a member from the Drupal server, and if so, assign them to the Discourse executive group?

Thanks in advance!


(Tobias Eigen) #2

Have you seen this? Discourse Forum Integration | Drupal.org

That is where I would start - maybe the makers of that module would be interested in adding some functionality to synchronize drupal roles with discourse groups.

Another module I am reminded of is CiviCRM which has some helper plugins to synchronize Drupal roles and organic groups membership with CiviCRM groups.

The discourse drupal plugin has some issues… notably it wraps discourse into the drupal theme which I think is a Bad Idea. I also question how much integration you really need - on my site the volunteers, strategy committee and board of directors that need special privileges are only about 15 people total. Everyone else doesn’t need access to the forum or if they do join they don’t need particular handling because of the way discourse self-manages.

So it might be better/easier to just start with Discourse as a standalone platform and let people log in there again, and give them access privileges to private categories manually. This is what I am doing with my Drupal and Discourse sites and it seems to be working reasonably well so far. Still early days.


(karl) #3

Thanks for that Tobias!

Yes, you are probably right about committee/board members as they are small in number as you mentioned, and they don’t change very often.

I guess that this is conflated in my head with the idea of members of the organisation getting special access. For example, it’s long been a policy that only members should be able to post to the for-sale area…

(Manual updates of committee members taken on board.)


(Tobias Eigen) #4

I wonder if there shouldn’t be some way to provide special access or a fast track for people based on their email address… e.g. by taking their whole domain and giving everyone with email on a certain domain access to a group and therefore certain privileges, or by importing or synchronizing emails with another database of trusted users like CiviCRM.

But all of this presupposes that you are trying to bend discourse to some other, preexisting set of tools and procedures for managing your community which it isn’t really well suited to doing… it seems to be better as a standalone, new platform for engagement.

This is a tension that I am grappling with myself.


(karl) #5

I agree with your musings! :smile:

The problem is that I think there is a definite use-case for privileging certain users based on some external criteria - for example, and especially, a membership database…
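
Added example, not written by any poster in this thread and not Discourse or Drupal module code: a sketch of the provider side of the Discourse SSO exchange asked about in post #1, using the `add_groups` / `remove_groups` fields of the SSO return payload to keep an `executive` group in step with the membership record. The secret, the `member` dictionary and the helper names are assumptions made for illustration; a Drupal site would do the same steps in PHP.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

SSO_SECRET = b"constructed-example-secret"  # assumption: same value as the Discourse SSO secret


def sign(payload_b64: str) -> str:
    """HMAC-SHA256 over the base64 payload string, hex encoded."""
    return hmac.new(SSO_SECRET, payload_b64.encode(), hashlib.sha256).hexdigest()


def decode(payload_b64: str) -> dict:
    """Base64 payload -> dict of its query-string fields."""
    return {k: v[0] for k, v in parse_qs(base64.b64decode(payload_b64).decode()).items()}


def make_request(nonce: str) -> dict:
    """Constructed stand-in for the sso/sig pair Discourse sends to the provider."""
    payload = base64.b64encode(urlencode({"nonce": nonce}).encode()).decode()
    return {"sso": payload, "sig": sign(payload)}


def build_response(sso: str, sig: str, member: dict) -> dict:
    """Verify the request, then return the signed parameters for the redirect back."""
    # Check the signature before parsing anything; compare in constant time.
    if not hmac.compare_digest(sign(sso), sig):
        raise ValueError("SSO request signature mismatch")
    nonce = decode(sso).get("nonce")
    if not nonce:
        raise ValueError("SSO request carries no nonce")
    fields = {
        "nonce": nonce,  # echoed so Discourse can match the reply to its own request
        "external_id": member["id"],
        "email": member["email"],
        "username": member["username"],
    }
    # Group membership is read from the provider's own record, never from the
    # request, and is revoked on login once the member loses the role.
    fields["add_groups" if member["is_executive"] else "remove_groups"] = "executive"
    payload = base64.b64encode(urlencode(fields).encode()).decode()
    return {"sso": payload, "sig": sign(payload)}
```

Because the group fields are only applied when a user logs in through SSO, a member who loses the role keeps the group until their next login unless it is also removed on the Discourse side.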