Disallow viewing forums for users with SSO

Avatar
  • updated
  • Answered

Hi,


Let's say I have 2 forums in my account (1 and 2) for two different organizations. Users from the first organization are redirected to forum 1 by the widget, and users from the other organization are redirected to forum 2. They shouldn't be able to see the other forum. That is why I have set 'allowed_private_forums' in the SSO token, with only forum 1 set for organization 1, and only forum 2 for organization 2 (determinated by our software). My privacy settings for both forums are:


Image 8047

Somehow it is still possible for a user from organization 1 to see and post to forum 2 if they know the url. Is this a bug in SSO, or am I doing it wrong? I hope it is possible to fix. Thanks for your reply.

Pinned replies
Avatar
Vladimir Mullagaliyev co-founder
  • Answer
  • Answered

Hello Robert,

Just disable "Allow access to this forum for users who authorized with SSO". It does mean all SSO users have access to this forum!

If you provide access through allowed_private_forums it is enough.

Avatar
Vladimir Mullagaliyev co-founder
  • Answer
  • Answered

Hello Robert,

Just disable "Allow access to this forum for users who authorized with SSO". It does mean all SSO users have access to this forum!

If you provide access through allowed_private_forums it is enough.

Avatar
Robert

Hello Vladimir,

Thanks for the reply. Good to know that. We first enabled it because else it didn't seem to work with SSO, but now we know this, we looked further and found out that the SSO parameter was wrong in our code. So now it's solved. Thanks!