Switching Authentication Methods

Problem

Customer needs to switch from one authentication method to another.

Bulk migration

https://docs.mattermost.com/manage/mmctl-command-line-tool.html#mmctl-user-migrate-auth

Mmctl can be used to bulk migrate users from one authentication method to another. We currently support going from email, gitlab, google, ldap, office365, or saml -> ldap or saml

Individual user migration

Currently the system allows switching via Email/Password. First any authentication method needs to be switched to Email then only can it be switched to any other method.

Users and Admins can both switch to Email but only users themselves can switch from Email to any other auth method.

Process: 

  1. Enable the auth method you want your users to switch to in system console.
  2. Ensure ServiceSettings.ExperimentalEnableAuthenticationTransfer is set to true.
  3. If your current authentication isn't email/password you will need to migrate to email/password first. This can be done by either an admin or the users themselves.
    • Admins: System Console -> User Management -> Users -> Open Dropdown and Click Switch to Email/Password
    • Users: Profile -> Security -> Sign-in Method -> Click on Switch to Email/Password
  4. Users can now switch their auth methods: Profile -> Security -> Sign-in Method -> Click on Switch to AD/LDAP(Other Auth Method)

Note:

When switching to SAML, the mmctl command can be used even for Individual user migration by providing a json file with the usernames and emails of all users to migrate to SAML.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.