For some reason the Oauth2 option for Google is allowing any Google account to login to the system and is not restricting to just our users. I have user auto creation turned off but this appears to be bypassing that and auto creating the user anyway.
Google Oauth2 login allowing any Google account
- Best Answerset by KevinTheJedi
With SSO, anyone authorized through the IdP is considered a pre-authorized user and subsequently bypasses the user registration settings and is always auto-registered. There is no way to change this. Typically you’d restrict this on the IdP end. I recognize google makes that a little difficult so we hope to implement a setting to restrict to a single domain in future releases. I do not have a set release date for this nor even a date this will be worked on. It may even be pushed to v2.0; can’t make any promises.
Cheers.
@"KevinTheJedi" thank you for the detailed response. Just curious (to try to learn a bit better) why does it work this way with users but agents are different? Also, when you get to the point where you are working on this, I'd be happy to help out in any way you might need.
Cheers!
- Edited
Agents have access to all the Tickets, etc. so and Admin needs to manually create them to avoid people just registering accounts and getting access to a whole bunch of Tickets. Plus Agents need to have their Department access configured, etc. before creating the account.
We won't be working on that for a GOOD while (in/after v2.0).
Cheers.