Hi Everyone
Please correct me if I'm wrong. I know I can use Single Sign-On Mobile in PWA, But it will automatilly create user when it is not exist in Users. Because I don't want automatically create user so I tried IdP Mobile forge, but it seems because it use InApp Browser plugin so it not works on PWA.
As title, is there anyway to implement SSO(Entra ID) without "Automatic User Provision"
Best Regards,
Hello Everyone
I look into the Users module's source. It seems has the setting in ConfigInternal entity's AutoUserProvision attribute. But the value by default is True. And I can't found UI to change this value to False.
Hi,
I do not know if it is possible to change the default setting without creating your own users provider. However if your goal is to limit who can sign in with Entra to your OutSystems application you can set that on Entra Level (my personal opinion is that this is the right place. Basically what you do is that your OutSystems Factory trusts authentications performed by Entra).
In Entra you can configure your application to only allow specified users. You can configure that in Azure Portal - Enterprise Applications.
* Go to Enterprise Applications
* Select your registered application
* In Manage - Properties set Assignment required to Yes and Save.
* In Manage - Users and Groups add the Users and Groups that are allowed to sign-in
Note that for managing group assignments you need an appropriate Entra license.
Best
Stefan
Hi @Stefan Weber
Thank you for your reply. I understood your suggestion.
But my problem is that Entra ID side don't want to create a group for OutSystems app. They want restrict user on OutSystems side.
What I want to achieve is that even use Entra ID authientication if user not already exists in User table, authientication should be failed. if I can disable "Automatic User Provision" feature, it will works for me.