Default user role with third-party authentication


  • Used Zammad version: 6.1
  • Used Zammad installation type: package
  • Operating system: Ubuntu 22.04.2 LTS (Jammy Jellyfish)
  • Browser + version: all

Expected behavior:

  • Be able to choose the role of unknown users, who login for the first time through a third-party application like Microsoft O365. Because we will use this for the agents with a single tenant I would want these users to be all Agents by default.

Actual behavior:

  • I can’t find a setting which controls what role will a unknown user be assigned to after authenticated for the first time over Microsoft O365. Maybe not in the UI, but from the rails console?

Steps to reproduce the behavior:

  • Setup (single-tenant) Authentication via Microsoft under /#settings/security
  • Turn off base login and leave Microsoft the only login option (doesn’t matter for the question here…)
  • What role will newly authenticated Microsoft users be assigned to? Try to define this…

The docs are not telling much about this. Probably the users will be customers, because this is “Default at sign up” in /#manage/roles.

That’s correct. Third party authentication providers, just like incoming emails for yet unknown users, use the default signup role which defaults to “Customer”.

I understand. So there is not an option to change this behaviour depending on the source of the new user.

How about a trigger at user creation that will send a webhook to a minimalistic webserver. The webserver will check if the new user is from the O365 tenant (in the simplest case just by the email domain) and if yes will send a PUT request to the users endpoint to adjust the role of the user to whatever is desired. Do you think this will work?

No. Please look at the documentation on how triggers work if you want to understand why better.