When Single Sign-on (SSO) is set up on a TalentLMS portal, new SSO users who authenticate successfully against the identity provider (IdP) are allowed access to the portal, regardless of the registration restrictions applied.
Specifically, users authenticate successfully even when the following registration restrictions have been set up:
- The Sign-up method is set to the option “Manually (from admin)”
- The Sign-up method is set to the option “Direct + Admin activation”
- The Sign-up method is set to the option “Direct + Email verification”
- Sign-ups are restricted to specific email domains
If there are specific users in your IdP who should not be allowed to access your TalentLMS portal, we recommend that you either:
- Disable those users on the IdP, or
- Create an account for them in your TalentLMS portal and make sure the “Active” option remains unchecked. Inactive users are not able to access the portal.
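
To check which IdP users still need one of these two mitigations, the following added example (not TalentLMS code) audits an IdP user list against the portal's user list for the email-domain restriction case. The data is constructed, and the field names and the matching of IdP identities to portal accounts by email address are assumptions.

```python
# Added illustration with constructed sample data. Field names ("email",
# "enabled", "active") and matching accounts by email address are assumptions,
# not a TalentLMS or IdP export format.
IDP_USERS = [
    {"email": "alice@example.com", "enabled": True},
    {"email": "bob@contractor.example", "enabled": True},
    {"email": "carol@contractor.example", "enabled": False},
    {"email": "dave@contractor.example", "enabled": True},
    {"email": "Erin@Example.com", "enabled": True},
]
PORTAL_USERS = [
    {"email": "alice@example.com", "active": True},
    {"email": "dave@contractor.example", "active": False},
]
ALLOWED_DOMAINS = {"example.com"}  # the portal's sign-up domain restriction


def email_domain(email):
    """Return the lower-cased domain part of an email address."""
    return email.rsplit("@", 1)[-1].lower()


def audit_sso_exposure(idp_users, portal_users, allowed_domains):
    """Classify IdP users outside the allowed domains by what blocks them, if anything."""
    portal_active = {u["email"].lower(): u["active"] for u in portal_users}
    findings = {}
    for user in idp_users:
        email = user["email"].lower()
        if email_domain(email) in allowed_domains:
            continue  # within the sign-up restriction, nothing to flag
        if not user["enabled"]:
            findings[email] = "blocked: disabled on IdP"
        elif email not in portal_active:
            # SSO ignores the sign-up restriction, so this login would be admitted
            findings[email] = "EXPOSED: no portal account"
        elif portal_active[email]:
            findings[email] = "EXPOSED: active portal account"
        else:
            findings[email] = "blocked: inactive portal account"
    return findings


def exposed(findings):
    """Users who still need to be disabled on the IdP or given an inactive account."""
    return sorted(e for e, status in findings.items() if status.startswith("EXPOSED"))


if __name__ == "__main__":
    for email, status in audit_sso_exposure(IDP_USERS, PORTAL_USERS, ALLOWED_DOMAINS).items():
        print(f"{email}: {status}")
```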