Disable OAuth2 User Creation

qyak

First of all, my organization and I are really enjoying osTicket!

Now comes the question,

I got Google OAuth2 to work for signing into osTicket, but there is a little problem I'm running into with it: when I use the OAuth2 login under a random Google account, it creates a new client account instead of rejecting them. Is there a way I can disable new client creation via OAuth2 in osTicket? Registration is set to required and the registration method is set to Private.

KevinTheJedi

qyak

No, reason being is any user authenticating using OAuth2 is considered a pre-authorized User as it's authenticating against your environment/set of users. The way to limit this to only people in your org is to configure the Google project as Internal and limit it to a specific Organization. You can read my earlier comment on this subject below:

https://forum.osticket.com/d/104208-oauth-filter-users/12

Cheers.

qyak

The solution from the referenced forum post did the trick!

To keep unauthorized users within our organization (students) from logging in to our website with OAuth2, I'll just mention that I had to go under App Access Control (we use Google), add the Internal app, and then select which OU to block in the organization (in case anyone needs help with that step).

From a newbie IT guy, thanks!