My instance of RC imports users from dedicated group of Active Directory.
Users are mapped to guests or users according their membership in AD.
Manual registration is turned off.
Then I set up RC to use Keycloak as custom OAuth and see that RC is registering users that were not imported from AD.
I’ve found settings in Accounts → Registration:
Registration with Authentication Services - is ignored for custom OAuth
Default Roles for Authentication Services - users, created with custom OAuth respect this setting.
So now I’ve set them to be created as guests. But I think that “Registration with Authentication Services” setting should be respected by custom OAuth. And may be it should be turned off by default.
Server Setup Information
- Version of Rocket.Chat Server: 3.9.7
- Operating System: Ubuntu 18
- Deployment Method: SNAP