
Invites don't work for SAML / LDAP

Open matthewelwell opened this issue 3 years ago • 2 comments

The current invite flow (for both links and emails) is:

  1. User receives invite
  2. Click the link to accept invite
  3. Authenticate with Flagsmith (which for SAML / LDAP will add the user to the organisation)
  4. UI triggers invite accept workflow by hitting relevant endpoint

Step 4 will break for SAML / LDAP since the user is already part of the organisation they are trying to join via invite.

As far as I can tell, we have a few options to resolve this:

  1. Remove the invites functionality when users are using SAML / LDAP
  2. Instead of blindly trying to create the user's organisation membership, we could update the existing membership if it exists (since LDAP / SAML users are created with the 'User' role)
  3. Handle the error gracefully so that users are aware of what's happening since I believe that, at the moment, the invite flow breaks

matthewelwell avatar Oct 11 '22 10:10 matthewelwell
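The step 4 failure and the second option from the post above, as an added example that is not part of the original issue and is not Flagsmith's code. The in-memory store, the function names and the `ADMIN` role are assumptions made for illustration; only the 'User' default role comes from the issue.

```python
from dataclasses import dataclass, field


class DuplicateMembership(Exception):
    """Stands in for the unique-constraint error a real database would raise."""


@dataclass
class MembershipStore:
    # (user, organisation) -> role; constructed in-memory stand-in for the DB table
    rows: dict = field(default_factory=dict)

    def create(self, user, org, role):
        if (user, org) in self.rows:
            raise DuplicateMembership(f"{user} is already a member of {org}")
        self.rows[(user, org)] = role


def sso_login(store, user, org):
    """Step 3: SAML / LDAP login provisions the membership with the 'User' role."""
    if (user, org) not in store.rows:
        store.create(user, org, "USER")


def accept_invite_blind(store, user, org, invite_role):
    """Step 4 as described: always tries to create, so it fails after SSO login."""
    store.create(user, org, invite_role)
    return "created"


def accept_invite_upsert(store, user, org, invite_role):
    """Option 2: update the existing membership instead of failing."""
    existing = store.rows.get((user, org))
    if existing is None:
        store.create(user, org, invite_role)
        return "created"
    if existing == invite_role:
        return "unchanged"  # accepting the same invite twice is a no-op
    store.rows[(user, org)] = invite_role
    return "updated"
```

Returning a distinct status for each outcome also gives the UI something to show the user, which covers the third option.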

It's worth pointing out that LDAP actually only creates the user organisation membership if the default organisation id environment variable is set, so we should allow invites if this is not set.

matthewelwell avatar Oct 12 '22 10:10 matthewelwell

Sentry issue: FLAGSMITH-API-2E0

sentry[bot] avatar Jun 08 '23 09:06 sentry[bot]

Closing due to inactivity. If you are reading this and are experiencing the same problem, please feel free to comment and reopen this issue.

asaphko avatar Dec 18 '25 12:12 asaphko