[GH-ISSUE #4745] FR: auto approve registrations for emails on specific domain #13718

New Issue

GiteaMirror · 2026-04-19T20:21:15-05:00

GiteaMirror commented

2026-04-19 20:21:15 -05:00

Originally created by @mootfrost on GitHub (Aug 20, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/4745

Is your feature request related to a problem? Please describe.
It is really annoying to approve many users from one organization manually. The only way to do this now is using a webhook.

Describe the solution you'd like
Setting in UI to automatically approve new signups made using oauth application with email ending with a specific domain.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Originally created by @mootfrost on GitHub (Aug 20, 2024). Original GitHub issue: https://github.com/open-webui/open-webui/issues/4745 **Is your feature request related to a problem? Please describe.** It is really annoying to approve many users from one organization manually. The only way to do this now is using a webhook. **Describe the solution you'd like** Setting in UI to automatically approve new signups made using oauth application with email ending with a specific domain. **Describe alternatives you've considered** A clear and concise description of any alternative solutions or features you've considered. **Additional context** Add any other context or screenshots about the feature request here.

GiteaMirror closed this issue

2026-04-19 20:21:15 -05:00

GiteaMirror commented

2026-04-19 20:21:16 -05:00

@justinh-rahb commented on GitHub (Aug 20, 2024):

Presently, emails aren't validated in any way, so while even if you could whitelist example.com you could register literally anything@example.com and it would auto-approve it immediately. This probably is not desired.

@justinh-rahb commented on GitHub (Aug 20, 2024): Presently, emails aren't validated in any way, so while even if you could whitelist `example.com` you could register literally `anything@example.com` and it would auto-approve it immediately. This probably is not desired.

GiteaMirror commented

2026-04-19 20:21:16 -05:00

@mootfrost commented on GitHub (Aug 20, 2024):

Presently, emails aren't validated in any way, so while even if you could whitelist example.com you could register literally anything@example.com and it would auto-approve it immediately. This probably is not desired.

Only when authenticating with google or any other oauth provider. Like in LibreChat

@mootfrost commented on GitHub (Aug 20, 2024): > Presently, emails aren't validated in any way, so while even if you could whitelist `example.com` you could register literally `anything@example.com` and it would auto-approve it immediately. This probably is not desired. Only when authenticating with google or any other oauth provider. Like in LibreChat

GiteaMirror commented

2026-04-19 20:21:17 -05:00

@harrisonhxy commented on GitHub (Nov 20, 2024):

Presently, emails aren't validated in any way, so while even if you could whitelist example.com you could register literally anything@example.com and it would auto-approve it immediately. This probably is not desired.目前，电子邮件没有经过任何验证，因此即使您可以将 example.com 列入白名单，您也可以按字面意思注册 anything@example.com 并立即自动批准。这可能并不可取。

Only when authenticating with google or any other oauth provider. Like in LibreChat只有在使用谷歌或其他 oauth 提供商进行身份验证时才会这样。就像在 LibreChat 中一样

Is your idea to support automatic email registration for specific domains only? For example: for @gmial.com users, the registration can be automatically approved and completed.
Besides, I would like to ask, is there a verification aspect to registering using email? For example, sending a verification code to the user's gmail and then verifying it with the assistance of the code and completing the registration.

@harrisonhxy commented on GitHub (Nov 20, 2024): > > Presently, emails aren't validated in any way, so while even if you could whitelist `example.com` you could register literally `anything@example.com` and it would auto-approve it immediately. This probably is not desired.目前，电子邮件没有经过任何验证，因此即使您可以将 `example.com` 列入白名单，您也可以按字面意思注册 `anything@example.com` 并立即自动批准。这可能并不可取。 > > Only when authenticating with google or any other oauth provider. Like in LibreChat只有在使用谷歌或其他 oauth 提供商进行身份验证时才会这样。就像在 LibreChat 中一样 Is your idea to support automatic email registration for specific domains only? For example: for `@gmial.com` users, the registration can be automatically approved and completed. Besides, I would like to ask, is there a verification aspect to registering using email? For example, sending a verification code to the user's gmail and then verifying it with the assistance of the code and completing the registration.

GiteaMirror commented

2026-04-19 20:21:18 -05:00

@DmitriyAlergant commented on GitHub (Nov 28, 2024):

Only when authenticating with google or any other oauth provider.

This already works. See environment variable options

ENABLE_OAUTH_SIGNUP
OAUTH_MERGE_ACCOUNTS_BY_EMAIL
ENABLE_OAUTH_ROLE_MANAGEMENT
OAUTH_ROLES_CLAIM
OAUTH_ALLOWED_ROLES

It may require some trial&error regarding the OAUTH_ROLES_CLAIM option, but then it can be made to obtaining the 'User' role from OAuth claim and assigning it automatically, so you won't need to confirm. We made it work for Microsoft Entra ID (easily) and for Keycloak (required some trial and error)

@DmitriyAlergant commented on GitHub (Nov 28, 2024): > Only when authenticating with google or any other oauth provider. This already works. See environment variable options - ENABLE_OAUTH_SIGNUP - OAUTH_MERGE_ACCOUNTS_BY_EMAIL - ENABLE_OAUTH_ROLE_MANAGEMENT - OAUTH_ROLES_CLAIM - OAUTH_ALLOWED_ROLES It may require some trial&error regarding the OAUTH_ROLES_CLAIM option, but then it can be made to obtaining the 'User' role from OAuth claim and assigning it automatically, so you won't need to confirm. We made it work for Microsoft Entra ID (easily) and for Keycloak (required some trial and error)

GiteaMirror commented

2026-04-19 20:21:18 -05:00

@meowth1006 commented on GitHub (Jan 26, 2025):

It is really annoying to approve many users from one organization manually. The only way to do this now is using a webhook.

Could you please tell me how you solved this problem using a webhook? Thanks.

@meowth1006 commented on GitHub (Jan 26, 2025): > It is really annoying to approve many users from one organization manually. The only way to do this now is using a webhook. Could you please tell me how you solved this problem using a webhook? Thanks.

GiteaMirror commented

2026-04-19 20:21:19 -05:00

@mootfrost commented on GitHub (Jan 26, 2025):

@meowth1006 i used this as a temporary solution https://github.com/mootfrost/webui-approver

@mootfrost commented on GitHub (Jan 26, 2025): @meowth1006 i used this as a temporary solution https://github.com/mootfrost/webui-approver

GiteaMirror commented

2026-04-19 20:21:19 -05:00

@stephansann commented on GitHub (Feb 20, 2025):

+1 for an auto-approval setting.

I set up Open WebUI with Keycloak as OpenID Provider and
ENABLE_OAUTH_SIGNUP=true

The via Keycloak logged in user will be created, but in state "pending". This is very frustrating for a new user that wants to try out the system.
And a lot of work for the admin, even though he wants to activate all users of the Keycloak realm anyhow.

@stephansann commented on GitHub (Feb 20, 2025): +1 for an auto-approval setting. I set up Open WebUI with Keycloak as OpenID Provider and ENABLE_OAUTH_SIGNUP=true The via Keycloak logged in user will be created, but in state "pending". This is very frustrating for a new user that wants to try out the system. And a lot of work for the admin, even though he wants to activate all users of the Keycloak realm anyhow.

GiteaMirror commented

2026-04-19 20:21:20 -05:00

@TryAnixx commented on GitHub (Jun 23, 2025):

@meowth1006 i used this as a temporary solution https://github.com/mootfrost/webui-approver

how did you implement this? where is this endpoint documented on openwebui?

@TryAnixx commented on GitHub (Jun 23, 2025): > [@meowth1006](https://github.com/meowth1006) i used this as a temporary solution https://github.com/mootfrost/webui-approver how did you implement this? where is this endpoint documented on openwebui?

GiteaMirror commented

2026-04-19 20:21:20 -05:00

@meowth1006 commented on GitHub (Jun 24, 2025):

@TryAnixx
You need to set the environment variable to dev to see the API documentation.

https://github.com/open-webui/open-webui/issues/4745#issuecomment-2614304588
mootfrost provides an example of an automatic approval interface using fastapi, which needs to be deployed by yourself

@meowth1006 commented on GitHub (Jun 24, 2025): @TryAnixx You need to set the environment variable to dev to see the API documentation. ![Image](https://github.com/user-attachments/assets/13269d8e-ffd9-4cea-9c25-cb9b3397e000) https://github.com/open-webui/open-webui/issues/4745#issuecomment-2614304588 mootfrost provides an example of an automatic approval interface using fastapi, which needs to be deployed by yourself

GiteaMirror referenced this issue

2026-04-19 22:47:45 -05:00

[GH-ISSUE #13718] issue: When deleting a knowledge base, it does not delete the collections corresponding to individual documents #17006

GiteaMirror referenced this issue

2026-04-20 05:16:00 -05:00

[PR #16520] [CLOSED] 🚀 feat: COMPREHENSIVE DATA PRUNING SYSTEM - The Ultimate Storage Management Solution for Open WebUI #24160

GiteaMirror referenced this issue

2026-04-25 06:27:57 -05:00

[GH-ISSUE #13718] issue: When deleting a knowledge base, it does not delete the collections corresponding to individual documents #32535

GiteaMirror referenced this issue

2026-04-25 12:14:22 -05:00

[PR #16520] [CLOSED] 🚀 feat: COMPREHENSIVE DATA PRUNING SYSTEM - The Ultimate Storage Management Solution for Open WebUI #39790