Unable to change profile pic due to SSO override

A user has been in touch to say when they joined our community a profile picture was automatically added to their profile (which I’ve never heard of happening before)

They asked me to remove it, but I can’t find the option to, either as an admin, or by impersonating.

Is there something I’m missing?

1 Like

The button to change the profile picture should be right next to the profile picture, but appears to be missing here. Are you using SSO? What’s the value of the site setting sso overrides avatar?

Thanks for getting back to me so quickly. I’m not a developer so this is slightly over my head. It looks like this:


Okay! To change the avatar, you need to change the avatar in the parent site you’re using.

Once this is changed, (unless your parent site syncs this automatically,) the user needs to sign in again for the changes to appear in Discourse. The easiest way to force this to happen is to simply log him out from the administration panel :slight_smile:


Thanks Felix - the user doesn’t have an avatar/profile picture in their account in our parent site’s CMS. I have no idea where the picture has come from, if they didn’t upload it themselves, which is really weird.

I logged Rubytoo out from the admin panel and that doesn’t seem to have made any difference.

Do you know why this might be happening? Why the edit button doesn’t appear for me?

That’s because avatars are handled by your CMS, so you cannot edit it within Discourse.

The question is where this image is coming from, and the last source that makes sense is Gravatar. Let me guess: The site setting automatically download gravatars is enabled?


It is indeed! Would unticking that solve it?

Untick that. It won’t solve this problem, but prevent it from happening again. :slight_smile:

To solve it, you’ll need to make a choice: Do you want to remove the Gravatar-provided avatars for this user only or for everyone? (Doing it for everyone is arguable more correct, but might surprise users.)

If you want to fix it for this user only, disable sso overrides avatar for a second, clear his avatar and re-enable sso overrides avatar to prevent further changes (which should only be made in your CMS). Then, tell your user that this image was pulled from Gravatar so he isn’t spooked :ghost:

If you want to fix it for everyone, this should probably be done through the Rails console.


You’re amazing, thanks so much! That seems to have solved the problem. Yay!


Considering this case, I’m wondering whether automatic Gravatar downloads should always be suppressed when sso overrides avatar is enabled. Why should Discourse fetch an avatar from an external source when the settings explicitly say that the SSO parent is handling all avatars?