- Users who are not registered with the Liferay application are able to log in even though they have no connections.
- Liferay DXP 7.0 to 7.4
- Users log into Liferay DXP by using the Sign In widget, which uses the database to authenticate the user based on the default authentication mechanisms like SSO or LDAP.
- If the users are coming from IDP's Directory then they will be imported first to Liferay when they try to log in and it is expected in all authentication mechanisms. Also, since the users are present in the IDP's Directory it is expected to see them logging in. To avoid the same, creating a different directory in LDAP/IDP for the users who are all not a part of the Liferay application would help as the users will be imported based on the IDP details and attribute mappings.
- As a workaround, using Liferay's OOTB Deactivating Users option to prevent the user from logging in, however, exploring further on IDP's Directory side for a long-term solution should help.