Users are losing Admin role due to SSO

We have the problem in our self-hosted forum at https://discuss.gravit.io/ that I and a colleague are always losing the Admin role. Somebody assigns it to me, I assign it to a colleague, and after a while, both of us aren’t Admins anymore.

Anything we can do? Any information I can give you?

1 Like

Are there any other admins in your instance? Do you see anything related in AdminLogsStaff Actions?

1 Like

Yes, we have three Admins in total. One of them seems to keep his Admin status, but the remaining two seem to lose it regularely.

Had a look at the logs, but nothing points to admins, just the "grant admin"s, where we assigned the Admin role amongst each other. I can share the log with you if you like.

You use SSO, so if the SSO payload has admin=false admin will be removed on next login.

8 Likes

That sounds reasonable. Where can I change that?

If you want to manage admin powers in Discourse only, change the application that lives on Corel Vector – Sign in to stop sending the admin attribute.

5 Likes

To check if admin=false is being sent in the SSO payload, enable verbose SSO logging via settings and check your logs at https://discuss.gravit.io/logs. It’s highly likely this is the issue, we’ve seen it on multiple sites in the past.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.