Is there a way to use groups via SSO without overriding all existing groups? For example, I want to pass two types of membership groups from my external website - let’s say group_a and group_b. However, I don’t want users to lose their current trust_level group and also, some users have their own …

[Bild] Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) Aside from groups , you may also specify group membership in your SSO payload using the add_groups and remove_groups attributes regardless of the sso overrides groups option. add_groups is a comma delimited list of group…

Thanks! so using the add_groups would NOT override or remove the users from current groups? And I would still be able to manually create and allow groups?

If this is used, and a user is removed from the group on the SSO side but not added to the remove_groups, they’ll stay a member on the Discourse site, right?

What do you mean by “this”, groups or the individual add_groups and remove_groups ? What are the exact params and endpoint you are calling?

The individual ones. I’m not actually doing anything yet, just trying to understand.

So, SSO usually happen during the login flow. All the groups, add_groups and remove_groups parameters are optional, and deal with group membership. This has nothing to do with having a valid user on the site. Unless you make all the site categories only readable by members of specific groups.

Sorry, let me rephrase. Let’s say we have 1200 groups in our SSO. If we want to have group membership synced with that without using sso overrides groups, if someone is a member of three groups, those three groups would need to be listed in add_groups and the 1197 others in remove_groups (just in ca…

In your case, and assuming your don’t have other manual groups in the Discourse instance, you should enable the sso overrides groups site setting, and pass the 3 groups the user is currently a member of in the groups parameter of the SSO payload. On login we will ensure that the user is a member of…

Ok, that brings me to this question: What happens to trust level and staff groups when using sso overrides groups? :slight_smile:

SSO-Gruppen ohne vollständiges Überschreiben

Unterstützung

Falco (Falco) 11. Oktober 2020 um 18:41 2

Die Parameter add und remove tun genau das, was Sie benötigen.

Thema		Antworten	Aufrufe
SSO groups not added to User SSO	3	1553	30. April 2020
What happens to trust level and staff groups when using sso overrides groups? Support	5	541	8. Januar 2021
Updating SSO documentation SSO	8	3844	3. September 2019
Does `sso overrides groups` work with Oauth2? SSO	13	2564	19. November 2021
SSO and Restricted Groups SSO	2	2958	1. März 2017

SSO-Gruppen ohne vollständiges Überschreiben

Verwandte Themen