Allow configuration of auto-register behavior #1143

Closed
opened 2026-02-04 23:58:43 +03:00 by OVERLORD · 4 comments
Owner

Originally created by @nmehlei on GitHub (Apr 12, 2019).

Describe the feature you'd like
Based on https://www.bookstackapp.com/docs/admin/third-party-auth/, I understood that it is possible to allow auto-register functionality even in AzureAD scenarios, which is great as I don't have to add every user manually. Unfortunately, not every single user in our AD should have access to the wiki. Would be a lot more useful if it could be restricted, for example, based on an AD group.

Describe the benefits this feature would bring to BookStack users
Less work for the admin user as he would not have to add every user and/or more security in cases where auto-register is enabled.

Originally created by @nmehlei on GitHub (Apr 12, 2019). **Describe the feature you'd like** Based on https://www.bookstackapp.com/docs/admin/third-party-auth/, I understood that it is possible to allow auto-register functionality even in AzureAD scenarios, which is great as I don't have to add every user manually. Unfortunately, not every single user in our AD should have access to the wiki. Would be a lot more useful if it could be restricted, for example, based on an AD group. **Describe the benefits this feature would bring to BookStack users** Less work for the admin user as he would not have to add every user and/or more security in cases where auto-register is enabled.
OVERLORD added the 🔨 Feature Request🚪 Authentication🏭 Back-End labels 2026-02-04 23:58:43 +03:00
Author
Owner

@ssddanbrown commented on GitHub (Apr 12, 2019):

Hi @nmehlei,
If you want to manage things on an AD group level, might the LDAP authentication option be better for you:
https://www.bookstackapp.com/docs/admin/ldap-auth/

You can map BookStack roles to LDAP groups if using LDAP auth.

Otherwise, it may be a while before we add custom auto-register behaviour.

@ssddanbrown commented on GitHub (Apr 12, 2019): Hi @nmehlei, If you want to manage things on an AD group level, might the LDAP authentication option be better for you: https://www.bookstackapp.com/docs/admin/ldap-auth/ You can map BookStack roles to LDAP groups if using LDAP auth. Otherwise, it may be a while before we add custom auto-register behaviour.
Author
Owner

@nmehlei commented on GitHub (Apr 15, 2019):

@ssddanbrown interesting idea, but as far as I know, Azure AD does not support LDAP.

@nmehlei commented on GitHub (Apr 15, 2019): @ssddanbrown interesting idea, but as far as I know, Azure AD does not support LDAP.
Author
Owner

@coaqii commented on GitHub (May 28, 2019):

I have my authorization managed by a group that is assigned to the application.

AzureAD > Enterprise applications > BookstackApplication > Users and groups
AzureAD > Enterprise applications > BookstackApplication > Properties > User assignment required? Yes

That way I have that the user auto registers with edit rights. No way to assign a specific group to a role afaik...

@coaqii commented on GitHub (May 28, 2019): I have my authorization managed by a group that is assigned to the application. AzureAD > Enterprise applications > BookstackApplication > Users and groups AzureAD > Enterprise applications > BookstackApplication > Properties > User assignment required? Yes That way I have that the user auto registers with edit rights. No way to assign a specific group to a role afaik...
Author
Owner

@ssddanbrown commented on GitHub (Dec 18, 2021):

I'm going to close this off as there's been little further request for this and I'm not looking to widen the scope much further for the social auth providers.

As mentioned above, I'm pretty sure AzureAD itself offers some controls to application access (Although IIRC some of the group-based controls require a specific license level).

Upon that, if handy with code, there is the logical theme system which does have hooks for registration events:
https://github.com/BookStackApp/BookStack/blob/master/dev/docs/logical-theme-system.md

@ssddanbrown commented on GitHub (Dec 18, 2021): I'm going to close this off as there's been little further request for this and I'm not looking to widen the scope much further for the social auth providers. As mentioned above, I'm pretty sure AzureAD itself offers some controls to application access (Although IIRC some of the group-based controls require a specific license level). Upon that, if handy with code, there is the logical theme system which does have hooks for registration events: https://github.com/BookStackApp/BookStack/blob/master/dev/docs/logical-theme-system.md
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/BookStack#1143