Let's say I have 2 forums in my account (1 and 2) for two different organizations. Users from the first organization are redirected to forum 1 by the widget, and users from the other organization are redirected to forum 2. They shouldn't be able to see the other forum. That is why I have set 'allowed_private_forums' in the SSO token, with only forum 1 set for organization 1, and only forum 2 for organization 2 (determinated by our software). My privacy settings for both forums are:
Somehow it is still possible for a user from organization 1 to see and post to forum 2 if they know the url. Is this a bug in SSO, or am I doing it wrong? I hope it is possible to fix. Thanks for your reply.