SSO users aren't automatically added to email domain-based groups

When a user is created via SSO, it appears that their membership in groups based on their email domain isn’t firing.

That is, I have a group set up like so:

…but users coming in via SSO don’t seem to be added to this group automatically:

image

image

It looks as though there was a discussion around this last year in relation to the “moderator” SSO flag and membership:

…but this is about everyday, run-of-the-mill users who I want to be in a group so they get flair and specific category access.

6 Likes

I have the same issue. It seems that unregistered users who used SSO to login cannot be added automatically to groups!

UPDATE: now I can identity four use cases:

1/ New users without account validation: users are not automatically added to groups
2/ New users with account validation: users will be added automatically to groups

3/ Existing users (provisioned by the SSO engine): users are not automatically added to groups
3/ Existing users (fully registered): users are added automatically to groups

When enabling SSO (with no account validation) it seems that the “auto-assign user to group” feature is turned off.

Is this the expected behavior? If not is there a workaround.

Regards,
Seb

@barryvan did you find a workaround for this issue?

Hi @sebastien,

When you are generating your SSO payload, you can set the add_groups field based on your user’s email, where add_groups is a comma delimited string of groups. I haven’t seen any documentation on this but the code is pretty clear:

https://github.com/discourse/discourse/blob/9813f9f0f8c9f4b446aa9f50e5c447161db0c7d5/app/models/discourse_single_sign_on.rb#L110-L119

That was our workaround to this issue and it has been working so far.

3 Likes

It works but I had to add some custom code to our SSO engine :(!

Thx for the help!

Seb

I just came across some weird behavior that’s probably related to this bug as well. I’ll look into including groups in the payload, as suggested.

3 Likes

This has been fixed a while ago

https://github.com/discourse/discourse/commit/a28c58feb18f49a7b599fce819fc437b39bddcee

5 Likes