New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Creating users with moderator role #2108

Open
hminaeeBrunswicknews opened this Issue Dec 5, 2018 · 10 comments

Comments

Projects
None yet
4 participants
@hminaeeBrunswicknews
Copy link

hminaeeBrunswicknews commented Dec 5, 2018

Hi support,

We have the Talk with custom SSO plugin running.
Everything is good.
We have an admin user set up via /admin/install and couple of users created through SSO.
Here is what we have:

image

The problem now is what we should do if we need to have other accounts set as moderator.
We do not want to give the root admin password to every moderator.
In talk console I could not find any tab for creating different users with different roles.

Any suggestion is appreciated

@kgardnr

This comment has been minimized.

Copy link
Member

kgardnr commented Dec 5, 2018

Hey @hminaeeBrunswicknews, you'll need to ask your moderators to sign up via the comment stream (so browse to any article, sign up), and then you can change their role.

You can also create them manually via the CLI: https://docs.coralproject.net/talk/configuration-cli-tools/#working-with-your-application%E2%80%99s-authentication

@kgardnr kgardnr added the question label Dec 5, 2018

@hminaeeBrunswicknews

This comment has been minimized.

Copy link
Author

hminaeeBrunswicknews commented Dec 5, 2018

@kgardnr

Thanks for the answer.
So if we have the SSO on, they cannot create a user with email/pass since SSO will do the job.
So does this mean that the only way left is cli?

@kgardnr

This comment has been minimized.

Copy link
Member

kgardnr commented Dec 5, 2018

Oh ok - so then you search for them in the Community > People tab, and change their permissions there.

@hminaeeBrunswicknews

This comment has been minimized.

Copy link
Author

hminaeeBrunswicknews commented Dec 5, 2018

@kgardnr

Yeah I can find them there but in the admin page but if they need to login they should use email/password but for SSO we do not have that since it is token based.

they look like this:

image

@hminaeeBrunswicknews

This comment has been minimized.

Copy link
Author

hminaeeBrunswicknews commented Dec 6, 2018

@wyattjoh @kgardnr @immber

So the problem is when the moderators try to access the admin moderator console. The console is asking for username and password when their login method is through SSO.
How do we allow them to login to the console as moderator?

@kgardnr

This comment has been minimized.

Copy link
Member

kgardnr commented Dec 6, 2018

There are 2 options, you can extend your auth plugin to have a "Login with _____" button. You can check our Facebook and Google Auth plugins to see how to do that. (See screenshot attached)

Or you can have them login via the frontend and browse to the Admin, where they will be automatically logged in.

This is assuming you've given them a "Moderator" or "Admin" role in Community > People.

admin_login

@hminaeeBrunswicknews

This comment has been minimized.

Copy link
Author

hminaeeBrunswicknews commented Dec 10, 2018

@kgardnr

If I add google plugin authentication,
is it possible to just add it in the admin console and not the client where we insert the <script> code?
Or if we add it it is gonna be shown in both places?

@lriggle-strib

This comment has been minimized.

Copy link

lriggle-strib commented Jan 4, 2019

@hminaeeBrunswicknews We also have SSO set up on our application for front-end users. What we ended up doing when adding new moderators was:

  1. Log into the main website and browse to a page with the commenting interface on it
    • This creates them in the Talk application
  2. An admin finds them in the Talk admin interface and promotes them to moderator.
  3. New moderator goes to the Talk admin interface. They will see the login screen there.
    a. If Talk think's they're already logged in, have them log out of talk (the gear).
  4. New moderator clicks on the Forgot Password link. This will allow them to set a password.
  5. New moderator logs in.
@immber

This comment has been minimized.

Copy link
Contributor

immber commented Jan 4, 2019

@hminaeeBrunswicknews If you add the google auth plugin, the default behavior is that it would be shown in both places. However if you're already creating users with SSO and just need a way for them to log in, I don't think adding the google plugin will be helpful for you.

@kgardnr was suggesting that you could implement a custom SSO integration that would give you a "log in with ___" that would be connected to your SSO authentication system. That's an option, but it's also not totally necessary.

Instead, you can implement a workflow like the suggestion above.

  1. Change the role on the users created by your SSO to Moderator
  2. Once they have logged into with your site with SSO, they should be able to just nav to <TALK_ROOT_URL>/admin/moderate and they will be logged in as moderators.

If they get to that page and are not signed in, then they should login to your site using your SSO, and refresh once they have a valid session in their browser.

You don't actually need them to set a separate pwd for Talk as described by @lriggle-strib unless you've also implemented the local Talk authentication plugin.

@lriggle-strib

This comment has been minimized.

Copy link

lriggle-strib commented Jan 4, 2019

We did remove the talk auth plugins, so that makes sense. All user creation on our end is silent as long as the user is logged into our main website.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment