External user added manually in the admin site failed - K13

Sylvain C. asked on September 13, 2022 02:12

Using K13, I am adding a new user in my "Users" app. I set this user with no password and as being external (Google accounts). With my app being registered in Google, if I try to log in using it as follows:

        signInResult = await _signInManager.ExternalLoginSignInAsync(loginInfo.LoginProvider, loginInfo.ProviderKey, isPersistent: false);

I keep getting a failed result. On the other hand, if I add a user using the CreateExternalUser method and try to log in as follows, it works fine (Success result):

        userCreation = await _userManager.CreateExternalUser(loginInfo);
        signInResult = await _signInManager.ExternalLoginSignInAsync(loginInfo.LoginProvider, loginInfo.ProviderKey, isPersistent: false);

I don't understand why, when I add an external user in the Users app, it doesn't work. When I look at the two of them (the one added manually and the one created automatically) in the admin site, they look identical...

Thank you for your help

Recent Answers


Brenden Kehren answered on September 13, 2022 02:27

There is a field on the user account, I believe it's called UserIsExternal, that needs to be checked. There could also be some user setting information that's being set as well. If Google is your sign-on of choice, the password would not be stored in the Kentico application either. There is a difference between a null password and an empty password as well.

0 votes

Sylvain C. answered on September 13, 2022 02:31

Thank you Brenden for your answer. I have correctly checked the "Is external user". I don't see what the CreateExternalUser is doing more than manually creating an external user in the admin site.

Perhaps, I am missing something else.

Sylvain

0 votes

Brenden Kehren answered on September 13, 2022 02:39

Look at the raw data and compare. That will show you where you're missing things.

0 votes

Sylvain C. answered on September 13, 2022 02:44

Where could I find this raw data? In the SQL Server tables, like CMS.User for example?

Thank you, S.

0 votes

Sylvain C. answered on September 13, 2022 10:06

Checked everything. SQL Server records look the same. Did a step-by-step, and the ExternalLoginInfo loginInfo contains the same info for the user created by hand and the user created by CreateExternalUser().

It looks to me like an external user cannot be created by hand in the admin site, which is weird.

For example, how do I add all my colleagues who use Google accounts? Do I ask them to log in first, and then I will have to search for them in the Users app? I would have preferred to add them manually one by one to control who will be added.

Thank you

0 votes

Sylvain C. answered on September 13, 2022 11:28 (last edited on September 13, 2022 11:54)

OK, I have identified the problem.

When you create the user manually as an external user and even if the user is authenticated by Google with all the correct claims, the table CMS_ExternalLogin is not updated accordingly. No record in this table is created for this authenticated external user created manually in the admin site.

This table is updated only when CreateExternalUser() is used. I think that ExternalLoginSignInAsync() is checking that the user exists in this table and, since it was created by hand, the function returns a failed result.

It doesn’t seem to be a correct behaviour. I should be able to create an external user by hand. Is there a function which could update the external login table when the user has been authenticated by Google?

S.

0 votes
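
One way to add the missing mapping on first sign-in, as an added example that is not part of the original thread or Kentico's own code: the helper links the Google identity to a user an administrator created beforehand, matched by verified e-mail, and then retries the sign-in. It assumes Kentico's user manager can be used as the ASP.NET Core Identity `UserManager` and persists `AddLoginAsync` to CMS_ExternalLogin, that the Google handler is configured to map an `email_verified` claim, and that e-mail addresses are unique among users; `ExternalLoginLinker` and `SignInOrLinkAsync` are hypothetical names.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

public static class ExternalLoginLinker
{
    // Signs in via the external login. If no (provider, key) mapping exists yet,
    // links it to a user an administrator already created, matched by e-mail.
    public static async Task<SignInResult> SignInOrLinkAsync<TUser>(
        UserManager<TUser> userManager,
        SignInManager<TUser> signInManager,
        ExternalLoginInfo loginInfo) where TUser : class
    {
        var result = await signInManager.ExternalLoginSignInAsync(
            loginInfo.LoginProvider, loginInfo.ProviderKey, isPersistent: false);
        if (result.Succeeded || result.IsLockedOut
            || result.IsNotAllowed || result.RequiresTwoFactor)
            return result; // a mapping exists, so this outcome is final

        // Assumption: the app maps an "email_verified" claim from the provider.
        var email = loginInfo.Principal.FindFirstValue(ClaimTypes.Email);
        var verified = bool.TryParse(
            loginInfo.Principal.FindFirstValue("email_verified"), out var v) && v;
        if (string.IsNullOrEmpty(email) || !verified)
            return SignInResult.Failed; // never link on an unverified address

        var user = await userManager.FindByEmailAsync(email);
        if (user == null)
            return SignInResult.Failed; // not pre-provisioned: do not auto-create

        // Refuse if the account is already bound to another identity
        // at the same provider; rebinding should be an explicit admin action.
        foreach (var existing in await userManager.GetLoginsAsync(user))
            if (existing.LoginProvider == loginInfo.LoginProvider)
                return SignInResult.Failed;

        // Writes the (LoginProvider, ProviderKey) -> user mapping.
        var link = await userManager.AddLoginAsync(user, loginInfo);
        if (!link.Succeeded)
            return SignInResult.Failed;

        return await signInManager.ExternalLoginSignInAsync(
            loginInfo.LoginProvider, loginInfo.ProviderKey, isPersistent: false);
    }
}
```

Because unknown e-mail addresses are rejected instead of being passed to CreateExternalUser, only accounts an administrator added in the Users app can sign in.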

Juraj Ondrus answered on September 14, 2022 10:12

When using the external identity provider, to put it really simply, Kentico is asking that identity provider "should I authenticate the user?" and, if you set the code to create the user in the Kentico DB if it does not exist, then the user's data is taken from the external identity provider.
But if you create the user manually in the Kentico admin UI and then try to authenticate this user, the external identity provider does not know this user... so the authentication obviously fails.

What is your use case for allowing users to use their Google accounts but not allowing everybody to authenticate? It does not make much sense if you want to limit the users and use a limited set of users - in this case, use the Kentico membership.

0 votes
