When a user is created via SSO, it appears that their membership in groups based on their email domain isn’t firing.
That is, I have a group set up like so:
…but users coming in via SSO don’t seem to be added to this group automatically:
It looks as though there was a discussion around this last year in relation to the “moderator” SSO flag and membership:
…but this is about everyday, run-of-the-mill users who I want to be in a group so they get flair and specific category access.
I have the same issue. It seems that unregistered users who used SSO to login cannot be added automatically to groups!
UPDATE: now I can identity four use cases:
1/ New users without account validation: users are not automatically added to groups
2/ New users with account validation: users will be added automatically to groups
3/ Existing users (provisioned by the SSO engine): users are not automatically added to groups
3/ Existing users (fully registered): users are added automatically to groups
When enabling SSO (with no account validation) it seems that the “auto-assign user to group” feature is turned off.
Is this the expected behavior? If not is there a workaround.
Regards,
Seb
@barryvan did you find a workaround for this issue?
Hi @sebastien,
When you are generating your SSO payload, you can set the add_groups field based on your user’s email, where add_groups is a comma delimited string of groups. I haven’t seen any documentation on this but the code is pretty clear:
That was our workaround to this issue and it has been working so far.
It works but I had to add some custom code to our SSO engine :(!
Thx for the help!
Seb
I just came across some weird behavior that’s probably related to this bug as well. I’ll look into including groups in the payload, as suggested.
This has been fixed a while ago
https://github.com/discourse/discourse/commit/a28c58feb18f49a7b599fce819fc437b39bddcee
