[v3] No practical way to create/use (super) admin accounts with SSO enabled.

[defnull]

After enabling OpenID Connect there is no obvious way to login with a local account (e.g. the local admin account).

[farhatahmad]

This is done by design. Local and external can't both be enabled at the same time. External authentication systems (such as Keycloak) normally allow you to enable both local and social logins, but from Greenlight's perspective, they are same

[defnull]

Okay, makes sense. But if the local admin account is not usable, how would be the process to promote an external account to (super) admin status? I cannot find documentation or a rake task to do that.

[JeanPluzo]

Hi,

the way I make a normal user to admin/super user is by changing a value directly in the database. This user comes from our AD (actually all users come from AD). I've done (and still do) this in v2. Can't really tell if this would work for v3. My 2 cts/.02 dlls.

Regards, J.

[defnull]

Sure, I also managed to get admin permissions for my account via the rails console, but such an essential task should be documented and have a rake task.

For the curious:

$ docker exec name-of-your-greenlight-container bundle exec rails console
Loading production environment (Rails 7.1.0)
irb(main):001:0> mail="your-admin-email@example.com"
irb(main):002:0> user = User.find_by(email: mail, provider: "greenlight")
irb(main):003:0> user.role = Role.find_by(name: "Administrator", provider: "greenlight")
irb(main):004:0> user.save!

[farhatahmad]

Ah I see your point now - yep, this should be moved into a rake task and documented

[bastiane273]

use a different URL: https://bbb.local/signin instead of https://bbb.local Works for me