Using the API to create a user on an SSO only system


(Alexander Wright) #1

Is it possible to create users via the API with disable local login and SSO enabled?

I’m getting error 500 in response to my API REST calls. other functions work fine.


Create SSO Users, Adding To Group, Subscribing to Category via API
(Felix Freiberger) #2

No, SSO disables user creation.

Why do you want to create the users? With SSO, they will be created automatically when they try to log in.


(Alexander Wright) #3

I’m migrating a bunch of users who currently use yahoo email groups to message.

I’ve lists of their email addresses and want to add them to a set of Discourse groups. Obviously, I can’t till they log in.

So far I’ve had people complaining that they can’t see their private category when they register, as they are not a member of the group yet. If I could create them as users and assign them to the relevant groups first, it would make it a lot easier!


(Jeff Atwood) #4

These should be staged users, as that’s the purpose of staging a user – participation in prior emails that may or may not turn into a web login.


(Alexander Wright) #5

Ahh. How do I do that?


(Jeff Atwood) #6

Let’s ask @zogstrip!


(Alexander Wright) #7

I have the same use case as this topic: Adding new users vs inviting them


(Régis Hanol) #8

Creating staged users using the API is now possible :deciduous_tree:


 


(Alexander Wright) #9

Thank you!

So I would call create user with name, email, password, username, active = false, staged = true?


(Régis Hanol) #10

That’s right :thumbsup:


(Alexander Wright) #11

Right, this is working on a development site that does not have SSO switched on, but fails as soon as it is.
Should I be trying to do this a different way? Via a plugin, maybe?


(Rana Muhammad Ahsan) #12

@Alexander_Wright how did you solve this problem ?


(Dylann Cordel) #13

Hi !

@zogstrip Seems we still can’t create new users via API (Forbidden is returned) with those settings:

  • SSO activated
  • allow new registrations: enabled (to be able to create account via API)
  • invite only: enabled (to disable the “register” button on the forum)
  • enable local logins: disabled (to only login via the SSO)

But if “enable local logins” is enabled, then it’s possible to create a new user via the API.

@Rana_Muhammad_Ahsan to temporary solve this problem, I send a PUT request to enable “local logins” setting, then a POST to create the user, then a new PUT request to disable “local logins” setting. Pretty much ugly but working :see_no_evil:


(Simon Cossar) #15

When SSO is enabled you can create users through the API with the sync_sso route. See Sync SSO user data with the sync_sso route for details about how to do it.


(Dylann Cordel) #16

@Simon_Cossar awsome ! Thanks a lot.