diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index a02feb210..f3cb2b0b8 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -24,8 +24,17 @@ def openid_connect
if current_user.nil? # if user is not signed in (They clicked the SSO sign in button)
if user.nil? # If an entry does not exist in the identifiers table for the chosen SSO account
- # Register and sign in
user = User.create_from_provider_data(auth)
+ if user.nil? # if a user was NOT created (a match was found for User.find_by(email: auth.info.email)
+ # Do not link SSO credentials for the signed out, existing user
+ flash[:alert] = _('The email you selected has not yet been linked to an existing account.
' \
+ "Please sign in via the 'Sign in' button and navigate to the " \
+ "'Edit Profile' section of DMP Assistant.
" \
+ 'From there you can link an email and enable single sign on access.
')
+ redirect_to root_path
+ return
+ end
+ # A new user was created, link the SSO credentials (we can do this for a newly created user)
user.identifiers << Identifier.create(identifier_scheme: identifier_scheme,
value: auth.uid,
attrs: auth,
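Review bot: The added `if user.nil?` branch is what stops an SSO identity from being attached to an existing account on an email match alone, yet it leaves no server-side trace; it only sets the flash and redirects. A refused link is worth a log line for detection, for example `Rails.logger.warn("openid_connect: refused to link SSO uid #{auth.uid} to an existing account while signed out")` placed before `redirect_to root_path`. The branch also relies on `User.create_from_provider_data` returning nil to mean "email already registered", which nothing in this file states. I would add a one-line comment on that contract, and check whether any other caller still expects a user back from that method, so the guard is not undone by a later change. The enclosing `openid_connect` method starts and ends outside the hunk.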
diff --git a/app/models/user.rb b/app/models/user.rb
index 444e01611..ec675c2e3 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -188,7 +188,7 @@ def self.from_omniauth(auth)
def self.create_from_provider_data(provider_data)
user = User.find_by email: provider_data.info.email
- return user if user
+ return if user
User.create!(
firstname: provider_data.info&.first_name.present? ? provider_data.info.first_name : _('First name'),