I’m still reading through old threads on using WP SSO, but I was curious if sharing our roadmap might surface any advice. Are there things we should look out for? Things we should avoid?
Our Stack:
WordPress (foundation)
MemberPress (manages user accounts)
LearnDash (LMS, course creation)
Discourse (private, member community)
Our Desired Onboarding Experience:
Visitor arrives on our WP site (content marketing) & converts to paid member.
– We’re thinking about a 24-hour free trial (w/ auto-conversion).
TL0 gets read-only access to the bulk of the categories.
TL0-1 promotion requires 5 minutes posting an introduction.
After 24hrs, member’s card is charged, membership is official, auto-promoted to TL1.
WP SSO would manage accounts so that only paid/current members have access to both community and LMS content.
I’m curious if there’s either a simpler or better way to do this. Reducing new member friction is important, but so is ensuring longterm scalability, ya know?
From your onboarding list, it looks like you are hoping to override the Discourse trust level system. I think a better approach would be to use Discourse group membership to control access to your site’s content. For details about how this works, see How to use category security settings to control access to content.
The WP Discourse plugin has a couple of functions that you can use to add and remove users from groups. Details are in this topic: Managing Discourse group membership with WP Discourse. That topic uses the PaidMembershipsPro plugin as an example, but the same idea should work with MemberPress.
Those threads were helpful. I’ve got WP Discourse installed and connected to Discourse. I might even have some new (better) ideas for our onboarding experience. Thank you, @simon!
I stopped short of making any SSO decisions, though. Afraid the more I read about these, the more my brain goes in circles and I get dizzy. Could I trouble you for a bit more advice on this front?
Given: WordPress & MemberPress + Discourse + LearnDash… and wanting to pay gate everything that isn’t a blog post…
If Discourse is SSO CLIENT, we’d use MemberPress to manage accounts in WordPress and access to LearnDash courses. This was how we approached things from the start, so it inherently makes sense, if not from a place of implementation/scalability best practices.
If Discourse is SSO PROVIDER, we’d need to source and implement a paygate on the Discourse side (none of which I’ve seen so far instill much confidence, to be honest). If we could dump MemberPress on the WP side, it might be worth the switch, but I’m not sure how this would work with wanting synced users in WP accessing LMS content at special, member-prices, while the general public was presented full retail.
Does this make sense? Tried to make this clear, but I’m getting a bit turned around.
I feel like one email to Jay would handle this, but every dollar spent on dev is a dollar we don’t have for the rest of our startup plans. (Feels more and more like we should defer to Jay.)
MemberPress is designed to manage access to local, WordPress content.
MemberPress has no authority to limit access to Discourse via SSO.
What I’ve discovered is that, when someone’s credit card is declined, their membership is suspended, but as they can still log into WordPress, they retain access to Discourse via SSO.
How much trouble would it be to have the SSO plugin take membership status (from MemberPress) into consideration before allowing someone to log into Discourse?
I feel like the way we’ve integrated things at this point is cost-effective and easy enough that, if the SSO plugin handled this, we’d be golden for the foreseeable future, but I also feel like this path also leads down big boy, custom development work.
The closer we can keep things to box-stock Discourse, the better off we’ll be, imo.
Thanks again for the advice. Sorry to interrupt, Simon.
If you can find out how MemberPress is determining which users should be able to access protected content on WordPress, then the same data can be used to restrict SSO logins to Discourse. To do that, you will need to add a conditional statement to the two functions in the second post of this topic: How to prevent some WP users from being able to login to Discourse. The conditional statement should return true if the user’s account has been suspended.
What you are wanting to accomplish is doable, but you may have to get some help from a WordPress developer to figure out what goes in the conditional statement in the two functions that I linked to.