mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-18 09:52:56 -05:00
[GH-ISSUE #7072] SSO_ONLY users don't receive organisation invites #11418
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @ovrebane on GitHub (Apr 9, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7072
Prerequisites
Vaultwarden Support String
Your environment (Generated via diagnostics page)
Config & Details (Generated via diagnostics page)
Show Config & Details
Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, SHOW_PASSWORD_HINT, ADMIN_TOKEN, SSO_ENABLED, SSO_ONLY, SSO_SIGNUPS_MATCH_EMAIL, SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION, SSO_CLIENT_ID, SSO_CLIENT_SECRET, SSO_AUTHORITY, SSO_SCOPES, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD, SMTP_TIMEOUT
Config:
Vaultwarden Build Version
1.35.4
Deployment method
Official Container Image
Custom deployment method
No response
Reverse Proxy
traefik v3.6.12
Host/Server Operating System
Linux
Operating System Version
Debian 13
Clients
Web Vault
Client Version
Firefox 149.0
Steps To Reproduce
User receives no email nor notification in UI to accept this invite. Manually (re)inviting via email has same result. User cannot join organisation without manual database changes.
Expected Result
Actual Result
Workaround is to set their invites as accepted by user manually in database:
UPDATE users_organizations SET status = 1 WHERE status = 0 AND org_uuid = 'a29455c3-ce80-470f-a2e9-c36f7b68b0f4';After this in admin console member view "Needs confirmation" appears. Upon confirmation everything seems to work like it's supposed to. User can access their collections etc. I tried setting status = 2 directly, but that caused a broken user state, as some automatic processes regarding encryption are skipped I presume.
Logs
Screenshots or Videos
No response
Additional Context
No response
@stefan0xC commented on GitHub (Apr 9, 2026):
According to the support string you don't allow invitations. How has the user been invited to the organization?
@ovrebane commented on GitHub (Apr 9, 2026):
That setting only affects users as far as I'm aware. Organisation owners are able to invite just fine from admin console, that's what I used.
@stefan0xC commented on GitHub (Apr 9, 2026):
Normal users don't have access to the Admin Console in the first place so they can't invite other users to an organization.
If I try to invite a user that does not exist with

invitations_allowed: falseI get an error message:I can try later to invite a user that has already registered via SSO. Maybe the cleanup function triggers when it should not:
a6b43651ca/src/api/core/organizations.rs (L1131-L1136)Did you invite multiple addresses to your organization?
@ovrebane commented on GitHub (Apr 13, 2026):
Apologies for the late reply. Yes I invited all the people on that screenshot, they are from the same whitelisted domain name. But I see you have already found the source of the problem, thank you!