Is there a way to configure Grist (self-hosted for now) to automatically add new users to an organization? I’m using the GRIST_SINGLE_ORG configuration and SAML login, and everything works flawlessly, except for the organization assignment part. This is what a new user sees when logging in:
Hi @Ivan_Filgueiras, we don’t have that behavior yet. You’re not the first to ask about it. There is a way to add users in bulk, but you still need their email addresses up front. If you do add the behavior yourself, a pull request would be very welcome.
Off the top of my head, a good hook might be here:
At this point the page is loading, the user is known, and we’ve determined they don’t currently have access to whatever they are trying to look at.
Or, on the back end, you could look at tweaking the endpoints that serve landing pages:
I’d say if you do make a PR, we wouldn’t want this to be the default behavior, since it could be a surprise for existing users. Presumably some extra configuration is needed, to express what level of access is to be granted automatically? Presence or absence of that configuration could be what determines whether this behavior kicks in?
I figured out the solution to my problem. I needed to set GRIST_DEFAULT_EMAIL to initialize the owner of my organization with my SAML account’s email. This was never discussed in the docs outside of the telemetry section. I strongly recommend moving this information to the authentication section because the telemetry section shouldn’t solely contain critical authentication setup variables needed for any user using SAML. Please add the email variable to the auth docs as a required variable. It would have saved me a headache. Finally, please update the session state store to output when a user was unauthorized rather than throwing a general error about not being able to retrieve the session. I successfully deployed Grist now and I think those changes would help a lot of people. Finally, it would be nice if SAML attributes could contain Organization information to allow a user to access. Thank you so much!