SSO errors - some emails receive "Validation failed: Primary email is not allowed."

We recently moved all users to SSO via our primary site. Out of 50k+ users, all but 9 seem to work fine.

The 9 remaining emails get this error:
Validation failed: Primary email is not allowed.

The email addresses do not exist in discourse and they are valid emails

We are running 2.3.9

Any reason to believe these will suddenly work in 2.4 or 2.5?

1 Like

Is there anything common to the email addresses? Their length? Any symbols? Unicode characters?

If we can identify why they’re being rejected it should be possible to answer whether the rejection criteria in 2.3.9 has changed since.

5 Likes

Sorry, I had notifications turned off for some reason.

There is nothing consistent or unique about the email addresses.

  • Mostly gmail accounts
  • no funky characters (alpha_numeric) only

Check your blocked emails in Admin, Logs, Screened Emails. And remember emails that are too close to the blocked emails (such as superdave versus superdave1) will also be blocked.

5 Likes

I don’t think I would have ever found it but they were in the screened emails list.
I approved them and now it works great.

2 Likes