I have OAuth2 setup, so that people who already have an account in my ERPNext instance can login via my OAuth2 provider.
I would like to enable people who already have an account on my OAuth2 provider to be able to create a new account on my ERPNext instance, transparently.
At the moment, if they don’t already have an ERPNext account, I get the message “Sorry. Signup from Website is disabled”.
I suspect, if I allowed signup from the website, it might work. But I don’t want random people from the Internet to be able to create accounts. How can I do one, without the other?
Supplementary question: If I did get this working, how could I determine what things a new account would have access to? Ideally, it would depend on information returned by my OAuth2 provider (e.g. what department they are in).