Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #44040 Add an option to disable public user registration
    Actions
    Infos
    #44040
    Clément Gayot (clementg)
    2025-07-21 11:35
    2025-07-21 11:24
    45736
    Details
    Add an option to disable public user registration

    Currently, when username/password authentication is enabled, the public user registration (sign-up) form is automatically available. This allows any visitor to create an account on the platform without administrative approval.

    There should be an administrative setting to disable this public self-service registration. This feature is crucial for instances of the application where user access must be strictly controlled.

    • Security: It prevents the creation of unauthorized or spam accounts.
    • User Management: For many organizations, user creation is a deliberate, managed process. Administrators need to be the sole gatekeepers for adding new users to the system.
    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    kevin.poulet@lvcim.com
    Stage
    Empty
    New
    Empty
    Attachments
    Empty
    References
    References list is empty
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2025-07-21 11:35

    This allows any visitor to create an account on the platform without administrative approval.

    This is not true, you can make account validation mandatory (sys_user_approval) before it can be used.

    This feature is crucial for instances of the application where user access must be strictly controlled.

    The term "crucial" is quite strong here. Organizations with a strong need of control should really consider using OpenID Connect to control the authentication flow.

    • Reported in version changed from 16.10 to All