SSO Confusion for Users with Impersonate options on origin platform

It’s not uncommon for our support staff to impersonate a user within our core platform interface, which often results in them being logged in to the browser as a different user when they click over to the forum. This triggers creation of a discourse linked account and an email to someone who has never visited. While I like spreading the word to new people, this is very confusing to users and tedious for staff.

Is there any way around this other than using two different browsers at the same time and being careful?

Do you have some sort of way of telling in the origin that a user is “impersonated” vs “really the user”?

If so the simplest thing here is to just have your SSO endpoint explode for impersonated cases.


Thanks for the suggestion. I will run that by the devs to see if it’s something we can do.



I am using an SSO to get users to log in to a discourse instance from another web page. I am getting complaints from users saying that they are being logged in as someone else with the privileges of that other person !

I couldn’t put my hand on why before I read this. the typical complaint is usually from a Jane doe saying that when she logs in she is logged in as “Jane smith” instead… I’m not sure if the problem is from my SSO code or could it be that someone (there are other admins) impersonated Jane Doe which logged her out and then when she attemps a login she goes in as Jane Smith.

Is there a solution to this if that is the case?

Did this get resolved on the SSO endpoint on your side @RyanK?

I’m pretty sure it fell off the radar. I’ll check but I’m guessing that most people have just adapted to the extra step(s)