"Disable Collaboration" can lock out the admin if the admin is not in the organization

[epiepo]

After selecting "Disallow Collaboration" via the Organizational Settings in the Admin Panel, all admin-account logins via GitHub don't work. The user is admin user logged out and any new login via GitHub redirects to the Sign-In page of Sandstorm.

This doesn't happen for non-admin users. The only way to work around this issue is to choose a user account, issue a new admin-token, promote this user to Admin and disable the "Disallow Collaboration" setting.

Fully reproducible.

[kentonv]

Hi @epiepo,

This is because "disallow collaboration" prohibits people outside the organization from logging in at all. Currently, there's no way to declare Github accounts as being part of your organization, so Github is always disabled by this. We should probably add some sort of warning when enabling this will totally disable some login mechanisms.

If you find you're now locked out of your server, you can regain access by SSHing in and typing:

sudo sandstorm admin-token

Visit the link it gives you, and you'll be able to undo the setting, or promote some other account inside the organization to admin.