SSO and Restricted Groups


(Thor Mitchell) #1

Apologies in advance if these questions have been covered before, and I failed to find the answers when searching.

We’re looking to build a community amongst the users of our product using the Hosted Discourse offering. However before we open up to our entire userbase we’d like to start with a few smaller closed groups, while we get the hang of managing and moderating.

The first group I’d like to set up is for our User Panel, who are a set of power users who provide feedback on upcoming products and features. I’ve created a user_panel group, and a category that is only visible to members of that group. I’m now trying to work out the best way to onboard User Panel members into both Discourse and this group, given that we’re using SSO.

I’m trying to avoid having to do the following:

  • Email all existing User Panel members asking them to sign in to Discourse
  • Monitor Discourse to see when they sign up
  • Add them each to the user_panel group manually as they do so
  • Email them again individually to confirm they now have access to the restricted Category

I was hoping I could “Bulk add” their email addresses to the user_panel group before they sign in, so that the restricted Category would be visible when they first log in, but this does not appear to be possible. All addresses not associated with existing Discourse accounts are just ignored. Is there a way of “blessing” users who you expect to sign in using SSO into a particular group beforehand?

My other option is to have our SSO Provider indicate if a user is a member of the User Panel in the payload using the add_groups attribute. However users can be added to the User Panel at any time. Is the add_groups attribute evaluated every time a user logs in to Discourse, or only when their account is created?

Many thanks,

Thor


(Sam Saffron) #2

Yes add_groups is evaluated every time they log in, so it should sort out the issue perfectly.
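
A sketch of the SSO provider side of the approach discussed above, added as an example and not taken from the thread or from Discourse's own code: it verifies the signed request, then returns a signed payload that carries add_groups only for User Panel members. The secret, the membership set and the helper names are constructed assumptions; the payload format (base64 query string signed with hex HMAC-SHA256) is the one Discourse SSO uses.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed values for illustration only.
SSO_SECRET = b"constructed-shared-secret"
USER_PANEL_EMAILS = {"panelist@example.com"}  # hypothetical membership source


def sign(payload_b64: str) -> str:
    """Hex HMAC-SHA256 over the base64 payload (the sig parameter)."""
    return hmac.new(SSO_SECRET, payload_b64.encode(), hashlib.sha256).hexdigest()


def read_nonce(sso: str, sig: str) -> str:
    """Verify the incoming request from Discourse and return its nonce."""
    # Constant-time comparison; reject anything not signed with the shared secret.
    if not hmac.compare_digest(sign(sso), sig):
        raise ValueError("bad SSO signature")
    fields = parse_qs(base64.b64decode(sso).decode())
    return fields["nonce"][0]


def build_response(sso: str, sig: str, external_id: str, email: str) -> dict:
    """Build the signed payload returned to Discourse after a local login."""
    params = {
        "nonce": read_nonce(sso, sig),
        "external_id": external_id,
        "email": email,
    }
    # Membership comes from the provider's own records, never from request
    # input, because add_groups grants access to the restricted category.
    if email.lower() in USER_PANEL_EMAILS:
        params["add_groups"] = "user_panel"
    payload = base64.b64encode(urlencode(params).encode()).decode()
    return {"sso": payload, "sig": sign(payload)}


def demo_request(nonce: str) -> tuple:
    """Constructed stand-in for the sso/sig pair Discourse sends."""
    sso = base64.b64encode(urlencode({"nonce": nonce}).encode()).decode()
    return sso, sign(sso)
```

Because add_groups is evaluated at every login, a user added to the panel set later receives the group the next time they sign in.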


(Alexander Wright) #3

Is there documentation for this please?

I thought I’d have to write my own plugin to implement this!

Edit:

Never mind! The documentation is here.