Businesses are increasingly using Google apps for internal tasks. When Liferay Portal is deployed to serve their staff (for example as an Intranet), it should be possible to enable Google SSO for staff users only.
At the moment there is no easy way to specify rules for which Google users should be allowed to register with the portal (create a user in the portal database).
This same concern applies to other SSO providers/processes too.
Some thoughts on possible approaches:
- Provide an SPI for determining if a Google user should be considered a "stranger"
- Add Google SSO configuration like "do not consider Google users with a company email address as a stranger"
p.s. the current definition of "stranger" is a SSO user which does not have a user in the portal database