We use SSO to log in to our Directus implementation instead of a public registration.
Wondering if there was a way already built to set a default role for those who log in through Cloudflare - our SSO provider. Right now the workflow is painful, as any new user must be assigned a read role manually at the minimum so they can extract information. We would like to avoid any third-party workflow tool to do this (fine with using a marketplace extension, though).
Provider and External Identifier are properly set / working.
Hello @Jason_Liang
You can usually set a default role for new SSO users using the environment variable:
AUTH_<PROVIDER>_DEFAULT_ROLE_ID=<role_id>
For example, with Google SSO this works as:
AUTH_GOOGLE_DEFAULT_ROLE_ID=<role_id>
This automatically assigns the specified role to any new users signing in through that provider.
For Cloudflare SSO, you can try the same pattern (AUTH_CLOUDFLARE_DEFAULT_ROLE_ID), but I haven’t tested it myself. It should work in theory, based on how Directus handles SSO providers.
Docs:
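An added example, not part of the thread and not Directus code: a shell check that the AUTH_<PROVIDER>_DEFAULT_ROLE_ID variable from the answer is set, and holds a UUID, for every provider listed in AUTH_PROVIDERS (the Directus variable that names the configured providers). The provider names, the role UUID and the helper function names are constructed for illustration, and upper-casing the provider name to build the variable name is an assumption based on the pattern shown above.

```shell
#!/bin/sh
# Added example: verify that each SSO provider in a Directus-style .env file
# has a default role configured, so new SSO users do not land without a role.

# Print the value of KEY from FILE (last assignment wins, quotes stripped).
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print one line per provider: "<provider> ok", "missing" or "invalid".
check_default_roles() {
  file=$1
  uuid_re='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
  providers=$(env_value "$file" AUTH_PROVIDERS | tr ',' ' ')
  for p in $providers; do
    # Assumption: the variable name uses the upper-cased provider name,
    # following the AUTH_<PROVIDER>_DEFAULT_ROLE_ID pattern.
    upper=$(printf '%s' "$p" | tr '[:lower:]' '[:upper:]')
    val=$(env_value "$file" "AUTH_${upper}_DEFAULT_ROLE_ID")
    if [ -z "$val" ]; then
      echo "$p missing"      # new users from this provider get no role
    elif printf '%s\n' "$val" | grep -Eq "$uuid_re"; then
      echo "$p ok"
    else
      echo "$p invalid"      # set, but not a role UUID
    fi
  done
}

# Constructed sample configuration (values are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
AUTH_PROVIDERS="cloudflare,google"
AUTH_CLOUDFLARE_DRIVER="openid"
AUTH_CLOUDFLARE_ALLOW_PUBLIC_REGISTRATION="true"
AUTH_CLOUDFLARE_DEFAULT_ROLE_ID="3f2c1a9e-5b7d-4c88-9e21-0a1b2c3d4e5f"
AUTH_GOOGLE_DRIVER="openid"
EOF
check_default_roles "$sample"
```

Point the default role at the read-only role rather than an administrative one, since every account created through that provider receives it.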