• Resolved Prometheus Fire

    (@prometheus-fire)


    I have a situation where we have a corporate environment using Okta for authentication. We will have hundreds of daily users on this installation.

    An issue that we’ve run into is that the plugin is demoting our admin accounts to Subscriber when we log in via Okta. The plugin is not honoring the accounts that we promote to Editor or Admin and subsequent logins are getting demoted to the default Subscriber role (our default setting). 98% of the users on this installation will be used in the Subscriber role, however, we will be promoting a small selection of individual user accounts to Admin and Editor, and have the plugin handle the authentication without demoting those user accounts.

    Is there a workaround or configuration that we aren’t seeing that ensures this will happen? Currently, our only alternative is to use separate local accounts tied to emails outside of the corporate system that never use the Okta authentication – which is not ideal because there are significant security risks there.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Cloud Infrastructure Services

    (@cloudinfrastructureservices)

    Hi @prometheus-fire, in this scenario what you need to do is set up role-based mapping based on Okta security groups.

    Set up Okta security groups for each role and add the users into these groups, for example groups for (Admins, Editors, Subscribers, etc.).

    Then within the plugin add the Okta group ID into the role mapping section of which WordPress role to apply to these groups.

    Documentation on setting this up can be found in Step 4 Role Mapping on: https://cloudinfrastructureservices.co.uk/wordpress-sso-single-sign-on/wordpress-sso-using-okta-as-saml-idp/
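
The group-to-role resolution described in the reply above, modelled as an added example; it is not the plugin's code and not part of the thread. The group IDs, the `resolve_role` helper and the `idp_authoritative` switch are assumptions made for illustration; only the role slugs are WordPress built-ins.

```python
# Added illustration: models how an SSO login can pick a WordPress role from
# Okta group membership. Not the plugin's implementation.

# WordPress built-in role slugs, ranked by privilege.
WP_ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2,
                "editor": 3, "administrator": 4}

# Constructed placeholder group IDs (assumption), mapped to WordPress roles.
GROUP_ROLE_MAP = {
    "00g-EXAMPLE-admins": "administrator",
    "00g-EXAMPLE-editors": "editor",
    "00g-EXAMPLE-subscribers": "subscriber",
}
DEFAULT_ROLE = "subscriber"


def _rank(role):
    # Roles outside the table (custom roles) rank below every built-in role.
    return WP_ROLE_RANK.get(role, -1)


def resolve_role(asserted_groups, current_role=None, idp_authoritative=True):
    """Return the role to apply when a user signs in through the IdP.

    asserted_groups   -- group IDs carried in the SAML assertion
    current_role      -- role already stored for the account, None on first login
    idp_authoritative -- True: group membership alone decides the role, so
                         removing a user from a group demotes them at next login.
                         False: a locally assigned higher role is never lowered.
    """
    mapped = [GROUP_ROLE_MAP[g] for g in asserted_groups if g in GROUP_ROLE_MAP]
    # A user in several mapped groups gets the most privileged mapped role.
    candidate = max(mapped, key=_rank) if mapped else DEFAULT_ROLE
    if idp_authoritative or current_role is None:
        return candidate
    return max(candidate, current_role, key=_rank)
```

With no group mapped, `resolve_role([], "administrator")` returns `"subscriber"`, which is the demotion reported in the question; adding the account to the admins group keeps it at `"administrator"` on every login.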

    Thread Starter Prometheus Fire

    (@prometheus-fire)

    It seems that you are referring to the paid version of your plugin, is that a correct understanding?

    There is no fix for this in the free version?

    We aren’t opposed to using the paid version, but we want to better understand the functionalities of each as we progress further in our project.

    Plugin Author Cloud Infrastructure Services

    (@cloudinfrastructureservices)

    Yes, that feature is in our paid plans. If you’re looking to test out all the features, you can run a free trial to test out all features if you’re thinking of upgrading to a paid feature. No card details are needed for trials, just simply press the free trial button to activate the trial within your account settings on the plugin.

  • The topic ‘Check for existing accounts and honor the user role’ is closed to new replies.