summary refs log tree commit diff
path: root/docs/usage/configuration
diff options
context:
space:
mode:
authorWarren Bailey <warren@warrenbailey.net>2023-03-30 12:09:41 +0100
committerGitHub <noreply@github.com>2023-03-30 11:09:41 +0000
commita3bad89d57645b2ea304d2900adab71a786b0172 (patch)
treed988ad103d961b69548567e9cb7ccf301205bbc7 /docs/usage/configuration
parentAdd some clarification to the doc/comments regarding TCP replication (#15354) (diff)
downloadsynapse-a3bad89d57645b2ea304d2900adab71a786b0172.tar.xz
Add the ability to enable/disable registrations when in the OIDC flow (#14978)
Signed-off-by: Warren Bailey <warren@warrenbailey.net>
Diffstat (limited to 'docs/usage/configuration')
-rw-r--r--docs/usage/configuration/config_documentation.md6
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md
index 060d0d5e69..c5c2c2b615 100644
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
@@ -3100,6 +3100,11 @@ Options for each entry include:
    match a pre-existing account instead of failing. This could be used if
    switching from password logins to OIDC. Defaults to false.
 
+* `enable_registration`: set to 'false' to disable automatic registration of new
+   users. This allows the OIDC SSO flow to be limited to sign in only, rather than
+   automatically registering users that have a valid SSO login but do not have
+   a pre-registered account. Defaults to true.
+
 * `user_mapping_provider`: Configuration for how attributes returned from a OIDC
    provider are mapped onto a matrix user. This setting has the following
    sub-properties:
@@ -3216,6 +3221,7 @@ oidc_providers:
     userinfo_endpoint: "https://accounts.example.com/userinfo"
     jwks_uri: "https://accounts.example.com/.well-known/jwks.json"
     skip_verification: true
+    enable_registration: true
     user_mapping_provider:
       config:
         subject_claim: "id"