Using the API to create a user on an SSO only system

Is it possible to create users via the API with disable local login and SSO enabled?

I’m getting error 500 in response to my API REST calls. other functions work fine.

4 Likes

No, SSO disables user creation.

Why do you want to create the users? With SSO, they will be created automatically when they try to log in.

I’m migrating a bunch of users who currently use yahoo email groups to message.

I’ve lists of their email addresses and want to add them to a set of Discourse groups. Obviously, I can’t till they log in.

So far I’ve had people complaining that they can’t see their private category when they register, as they are not a member of the group yet. If I could create them as users and assign them to the relevant groups first, it would make it a lot easier!

1 Like

These should be staged users, as that’s the purpose of staging a user – participation in prior emails that may or may not turn into a web login.

1 Like

Ahh. How do I do that?

Let’s ask @zogstrip!

I have the same use case as this topic: Adding new users vs inviting them

Creating staged users using the API is now possible :deciduous_tree:

https://github.com/discourse/discourse/commit/5bfc9cf69ede127460bc14d1c7f109841d4e8dee
 
https://github.com/discourse/discourse_api/commit/8cfff42d2853c54b7140b2a1fab211ef9cbcbf3b

2 Likes

Thank you!

So I would call create user with name, email, password, username, active = false, staged = true?

1 Like

That’s right :thumbsup:

Right, this is working on a development site that does not have SSO switched on, but fails as soon as it is.
Should I be trying to do this a different way? Via a plugin, maybe?

@Alexander_Wright how did you solve this problem ?

Hi !

@zogstrip Seems we still can’t create new users via API (Forbidden is returned) with those settings:

  • SSO activated
  • allow new registrations: enabled (to be able to create account via API)
  • invite only: enabled (to disable the “register” button on the forum)
  • enable local logins: disabled (to only login via the SSO)

But if “enable local logins” is enabled, then it’s possible to create a new user via the API.

@Rana_Muhammad_Ahsan to temporary solve this problem, I send a PUT request to enable “local logins” setting, then a POST to create the user, then a new PUT request to disable “local logins” setting. Pretty much ugly but working :see_no_evil:

When SSO is enabled you can create users through the API with the sync_sso route. See Sync SSO user data with the sync_sso route for details about how to do it.

6 Likes

@simon awsome ! Thanks a lot.