[GH-ISSUE #4745] FR: auto approve registrations for emails on specific domain #52384

New Issue

Closed

opened 2026-05-05 13:28:54 -05:00 by GiteaMirror · 9 comments

GiteaMirror commented 2026-05-05 13:28:54 -05:00

Owner

Copy Link

Originally created by @mootfrost on GitHub (Aug 20, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/4745

Is your feature request related to a problem? Please describe.
It is really annoying to approve many users from one organization manually. The only way to do this now is using a webhook.

Describe the solution you'd like
Setting in UI to automatically approve new signups made using oauth application with email ending with a specific domain.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Originally created by @mootfrost on GitHub (Aug 20, 2024). Original GitHub issue: https://github.com/open-webui/open-webui/issues/4745 **Is your feature request related to a problem? Please describe.** It is really annoying to approve many users from one organization manually. The only way to do this now is using a webhook. **Describe the solution you'd like** Setting in UI to automatically approve new signups made using oauth application with email ending with a specific domain. **Describe alternatives you've considered** A clear and concise description of any alternative solutions or features you've considered. **Additional context** Add any other context or screenshots about the feature request here.

GiteaMirror closed this issue 2026-05-05 13:28:54 -05:00

GiteaMirror commented 2026-05-05 13:28:55 -05:00

Author

Owner

Copy Link

@justinh-rahb commented on GitHub (Aug 20, 2024):

Presently, emails aren't validated in any way, so while even if you could whitelist example.com you could register literally anything@example.com and it would auto-approve it immediately. This probably is not desired.

<!-- gh-comment-id:2297794843 --> @justinh-rahb commented on GitHub (Aug 20, 2024): Presently, emails aren't validated in any way, so while even if you could whitelist `example.com` you could register literally `anything@example.com` and it would auto-approve it immediately. This probably is not desired.

GiteaMirror commented 2026-05-05 13:28:55 -05:00

Author

Owner

Copy Link

@mootfrost commented on GitHub (Aug 20, 2024):

Presently, emails aren't validated in any way, so while even if you could whitelist example.com you could register literally anything@example.com and it would auto-approve it immediately. This probably is not desired.

Only when authenticating with google or any other oauth provider. Like in LibreChat

<!-- gh-comment-id:2298599354 --> @mootfrost commented on GitHub (Aug 20, 2024): > Presently, emails aren't validated in any way, so while even if you could whitelist `example.com` you could register literally `anything@example.com` and it would auto-approve it immediately. This probably is not desired. Only when authenticating with google or any other oauth provider. Like in LibreChat

GiteaMirror commented 2026-05-05 13:28:56 -05:00

Author

Owner

Copy Link

@harrisonhxy commented on GitHub (Nov 20, 2024):

Presently, emails aren't validated in any way, so while even if you could whitelist example.com you could register literally anything@example.com and it would auto-approve it immediately. This probably is not desired.目前，电子邮件没有经过任何验证，因此即使您可以将 example.com 列入白名单，您也可以按字面意思注册 anything@example.com 并立即自动批准。这可能并不可取。

Only when authenticating with google or any other oauth provider. Like in LibreChat只有在使用谷歌或其他 oauth 提供商进行身份验证时才会这样。就像在 LibreChat 中一样

Is your idea to support automatic email registration for specific domains only? For example: for @gmial.com users, the registration can be automatically approved and completed.
Besides, I would like to ask, is there a verification aspect to registering using email? For example, sending a verification code to the user's gmail and then verifying it with the assistance of the code and completing the registration.

<!-- gh-comment-id:2487476679 --> @harrisonhxy commented on GitHub (Nov 20, 2024): > > Presently, emails aren't validated in any way, so while even if you could whitelist `example.com` you could register literally `anything@example.com` and it would auto-approve it immediately. This probably is not desired.目前，电子邮件没有经过任何验证，因此即使您可以将 `example.com` 列入白名单，您也可以按字面意思注册 `anything@example.com` 并立即自动批准。这可能并不可取。 > > Only when authenticating with google or any other oauth provider. Like in LibreChat只有在使用谷歌或其他 oauth 提供商进行身份验证时才会这样。就像在 LibreChat 中一样 Is your idea to support automatic email registration for specific domains only? For example: for `@gmial.com` users, the registration can be automatically approved and completed. Besides, I would like to ask, is there a verification aspect to registering using email? For example, sending a verification code to the user's gmail and then verifying it with the assistance of the code and completing the registration.

GiteaMirror commented 2026-05-05 13:28:56 -05:00

Author

Owner

Copy Link

@DmitriyAlergant commented on GitHub (Nov 28, 2024):

Only when authenticating with google or any other oauth provider.

This already works. See environment variable options

• ENABLE_OAUTH_SIGNUP
• OAUTH_MERGE_ACCOUNTS_BY_EMAIL
• ENABLE_OAUTH_ROLE_MANAGEMENT
• OAUTH_ROLES_CLAIM
• OAUTH_ALLOWED_ROLES

It may require some trial&error regarding the OAUTH_ROLES_CLAIM option, but then it can be made to obtaining the 'User' role from OAuth claim and assigning it automatically, so you won't need to confirm. We made it work for Microsoft Entra ID (easily) and for Keycloak (required some trial and error)

<!-- gh-comment-id:2505343754 --> @DmitriyAlergant commented on GitHub (Nov 28, 2024): > Only when authenticating with google or any other oauth provider. This already works. See environment variable options - ENABLE_OAUTH_SIGNUP - OAUTH_MERGE_ACCOUNTS_BY_EMAIL - ENABLE_OAUTH_ROLE_MANAGEMENT - OAUTH_ROLES_CLAIM - OAUTH_ALLOWED_ROLES It may require some trial&error regarding the OAUTH_ROLES_CLAIM option, but then it can be made to obtaining the 'User' role from OAuth claim and assigning it automatically, so you won't need to confirm. We made it work for Microsoft Entra ID (easily) and for Keycloak (required some trial and error)

GiteaMirror commented 2026-05-05 13:28:57 -05:00

Author

Owner

Copy Link

@meowth1006 commented on GitHub (Jan 26, 2025):

It is really annoying to approve many users from one organization manually. The only way to do this now is using a webhook.

Could you please tell me how you solved this problem using a webhook? Thanks.

<!-- gh-comment-id:2614218163 --> @meowth1006 commented on GitHub (Jan 26, 2025): > It is really annoying to approve many users from one organization manually. The only way to do this now is using a webhook. Could you please tell me how you solved this problem using a webhook? Thanks.

GiteaMirror commented 2026-05-05 13:28:57 -05:00

Author

Owner

Copy Link

@mootfrost commented on GitHub (Jan 26, 2025):

@meowth1006 i used this as a temporary solution https://github.com/mootfrost/webui-approver

<!-- gh-comment-id:2614304588 --> @mootfrost commented on GitHub (Jan 26, 2025): @meowth1006 i used this as a temporary solution https://github.com/mootfrost/webui-approver

GiteaMirror commented 2026-05-05 13:28:58 -05:00

Author

Owner

Copy Link

@stephansann commented on GitHub (Feb 20, 2025):

+1 for an auto-approval setting.

I set up Open WebUI with Keycloak as OpenID Provider and
ENABLE_OAUTH_SIGNUP=true

The via Keycloak logged in user will be created, but in state "pending". This is very frustrating for a new user that wants to try out the system.
And a lot of work for the admin, even though he wants to activate all users of the Keycloak realm anyhow.

<!-- gh-comment-id:2672540789 --> @stephansann commented on GitHub (Feb 20, 2025): +1 for an auto-approval setting. I set up Open WebUI with Keycloak as OpenID Provider and ENABLE_OAUTH_SIGNUP=true The via Keycloak logged in user will be created, but in state "pending". This is very frustrating for a new user that wants to try out the system. And a lot of work for the admin, even though he wants to activate all users of the Keycloak realm anyhow.

GiteaMirror commented 2026-05-05 13:28:58 -05:00

Author

Owner

Copy Link

@TryAnixx commented on GitHub (Jun 23, 2025):

@meowth1006 i used this as a temporary solution https://github.com/mootfrost/webui-approver

how did you implement this? where is this endpoint documented on openwebui?

<!-- gh-comment-id:2997776169 --> @TryAnixx commented on GitHub (Jun 23, 2025): > [@meowth1006](https://github.com/meowth1006) i used this as a temporary solution https://github.com/mootfrost/webui-approver how did you implement this? where is this endpoint documented on openwebui?

GiteaMirror commented 2026-05-05 13:28:59 -05:00

Author

Owner

Copy Link

@meowth1006 commented on GitHub (Jun 24, 2025):

@TryAnixx
You need to set the environment variable to dev to see the API documentation.

https://github.com/open-webui/open-webui/issues/4745#issuecomment-2614304588
mootfrost provides an example of an automatic approval interface using fastapi, which needs to be deployed by yourself

<!-- gh-comment-id:2998980043 --> @meowth1006 commented on GitHub (Jun 24, 2025): @TryAnixx You need to set the environment variable to dev to see the API documentation.  https://github.com/open-webui/open-webui/issues/4745#issuecomment-2614304588 mootfrost provides an example of an automatic approval interface using fastapi, which needs to be deployed by yourself

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

confirmed

confirmed issue

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#52384