Is there a way to use groups via SSO without overriding all existing groups? For example, I want to pass two types of membership groups from my external website - let’s say group_a and group_b. However, I don’t want users to lose their current trust_level group and also, some users have their own …

[image] Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) Aside from groups , you may also specify group membership in your SSO payload using the add_groups and remove_groups attributes regardless of the sso overrides groups option. add_groups is a comma delimited list of grou…

Thanks! so using the add_groups would NOT override or remove the users from current groups? And I would still be able to manually create and allow groups?

If this is used, and a user is removed from the group on the SSO side but not added to the remove_groups, they’ll stay a member on the Discourse site, right?

What do you mean by “this”, groups or the individual add_groups and remove_groups ? What are the exact params and endpoint you are calling?

The individual ones. I’m not actually doing anything yet, just trying to understand.

So, SSO usually happen during the login flow. All the groups, add_groups and remove_groups parameters are optional, and deal with group membership. This has nothing to do with having a valid user on the site. Unless you make all the site categories only readable by members of specific groups.

Sorry, let me rephrase. Let’s say we have 1200 groups in our SSO. If we want to have group membership synced with that without using sso overrides groups, if someone is a member of three groups, those three groups would need to be listed in add_groups and the 1197 others in remove_groups (just in ca…

In your case, and assuming your don’t have other manual groups in the Discourse instance, you should enable the sso overrides groups site setting, and pass the 3 groups the user is currently a member of in the groups parameter of the SSO payload. On login we will ensure that the user is a member of…

Ok, that brings me to this question: What happens to trust level and staff groups when using sso overrides groups? :slight_smile:

Groupes SSO sans écrasement complet

Soutien

Falco (Falco) Octobre 11, 2020, 6:41 2

Les paramètres add et remove font exactement ce dont vous avez besoin.

Sujet		Réponses	Vues
SSO groups not added to User SSO	3	1556	Avril 30, 2020
What happens to trust level and staff groups when using sso overrides groups? Support	5	544	Janvier 8, 2021
Updating SSO documentation SSO	8	3845	Septembre 3, 2019
Does `sso overrides groups` work with Oauth2? SSO	13	2574	Novembre 19, 2021
SSO and Restricted Groups SSO	2	2958	Mars 1, 2017

Groupes SSO sans écrasement complet

Sujets connexes