Create account with OIDC #3474
thib-d started this conversation in Feature suggestions
Replies: 2 comments
This has definitely been discussed before. Probably not a big PR if someone wanted to take a stab at it. I would suggest that the feature be opt-in rather than opt-out.
PR: #3481
Currently, when using OIDC authentication with Postal, if a user successfully authenticates with the configured OpenID Connect provider (e.g., Keycloak, Entra ID, Okta, Google), but does not yet exist in Postal's local database, the login fails with:
"No user was found matching your identity. Please contact your administrator."
It would be great if Postal could automatically create a local user account the first time an OIDC user logs in - similar to Just-In-Time (JIT) provisioning.

Proposed behavior:
When a user successfully authenticates via OIDC:
1. Postal checks if the email (or the email / preferred_username claim) already exists in the local user table.
2. If not found, Postal automatically creates a new account with:
   - Email from the OIDC claim (email)
   - Name from name, given_name, and family_name claims
   - Role: configurable default (e.g., "user" or "viewer")
3. Assign this user to a default / new organization.
4. Allow admins to disable or restrict auto-creation via configuration.
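The proposed flow as an added Ruby example (not Postal's code and not the code in PR #3481), showing lookup, opt-in creation and the restriction point from steps 1, 2 and 4; organization assignment (step 3) is left out. Assumptions: `JitConfig`, `User`, `ProvisioningDenied` and `resolve_user` are hypothetical names, the hash `users` stands in for the local user table, the claims were already validated by the OIDC client, and the `email_verified` check and domain allow-list are one possible way to "restrict" auto-creation.

```ruby
# Added example, not Postal's code. All names below are hypothetical;
# `users` is an in-memory stand-in for the local user table.
JitConfig = Struct.new(:enabled, :default_role, :allowed_domains, keyword_init: true)
User = Struct.new(:email, :name, :role, keyword_init: true)
class ProvisioningDenied < StandardError; end

# claims: ID-token claims whose signature, issuer, audience and expiry were
# already validated by the OIDC client library (assumption).
def resolve_user(claims, users, config)
  email = claims["email"].to_s.strip.downcase
  raise ProvisioningDenied, "no email claim" if email.empty?
  # Assumption: never match or create on an address the provider has not verified.
  raise ProvisioningDenied, "email not verified" unless claims["email_verified"] == true

  existing = users[email] # step 1: look up the local account
  return existing if existing

  # step 4: creation is opt-in and can be restricted to listed domains
  raise ProvisioningDenied, "auto-creation disabled" unless config.enabled
  domain = email.split("@", 2)[1]
  raise ProvisioningDenied, "domain not allowed" unless config.allowed_domains.include?(domain)

  # step 2: build the account from the name claims and the configured default role
  name = claims["name"] || [claims["given_name"], claims["family_name"]].compact.join(" ")
  users[email] = User.new(email: email, name: name, role: config.default_role)
end

# Constructed sample input: three logins against an empty user table.
config = JitConfig.new(enabled: true, default_role: "viewer", allowed_domains: ["example.com"])
users = {}
[
  { "email" => "Alice@Example.com", "email_verified" => true, "given_name" => "Alice", "family_name" => "Doe" },
  { "email" => "bob@example.com", "email_verified" => false, "name" => "Bob" },
  { "email" => "eve@other.test", "email_verified" => true, "name" => "Eve" }
].each do |claims|
  begin
    user = resolve_user(claims, users, config)
    puts "#{claims['email']}: signed in as #{user.email} (#{user.role})"
  rescue ProvisioningDenied => e
    puts "#{claims['email']}: denied, #{e.message}"
  end
end
```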