diff --git a/app/models/discourse_single_sign_on.rb b/app/models/discourse_single_sign_on.rb
index 1e3cee24c1b..b66ea4e2b13 100644
--- a/app/models/discourse_single_sign_on.rb
+++ b/app/models/discourse_single_sign_on.rb
@@ -67,6 +67,9 @@ class DiscourseSingleSignOn < SingleSignOn
       user.custom_fields[k] = v
     end
+    user.admin = admin unless admin.nil?
+    user.moderator = moderator unless moderator.nil?
+
     # optionally save the user and sso_record if they have changed
     user.save!
     sso_record.save!
diff --git a/lib/single_sign_on.rb b/lib/single_sign_on.rb
index 1df32400714..bed24b53b1c 100644
--- a/lib/single_sign_on.rb
+++ b/lib/single_sign_on.rb
@@ -2,6 +2,7 @@ class SingleSignOn
   ACCESSORS = [:nonce, :name, :username, :email, :avatar_url, :avatar_force_update, :about_me, :external_id, :return_sso_url, :admin, :moderator]
   FIXNUMS = []
+  BOOLS = [:avatar_force_update, :admin, :moderator]
   NONCE_EXPIRY_TIME = 10.minutes
   attr_accessor(*ACCESSORS)
@@ -30,6 +31,9 @@ class SingleSignOn
     ACCESSORS.each do |k|
       val = decoded_hash[k.to_s]
       val = val.to_i if FIXNUMS.include? k
+      if BOOLS.include? k
+        val = ["true", "false"].include?(val) ? val == "true" : nil
+      end
       sso.send("#{k}=", val)
     end
@@ -77,7 +81,7 @@ class SingleSignOn
   def unsigned_payload
     payload = {}
     ACCESSORS.each do |k|
-      next unless (val = send k)
+      next if (val = send k) == nil
       payload[k] = val
     end
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index 7eca71f3bbc..fac96a16aa3 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
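Review bot: The two new assignments `user.admin = admin unless admin.nil?` / `user.moderator = moderator unless moderator.nil?` turn the SSO payload into a staff-privilege grant on every login, but nothing here says what a missing flag means, and a reader has to go back to `SingleSignOn.parse` to learn that nil is "the provider did not assert it". Add a comment above them: `# nil means the provider did not send the flag: keep the user's current admin/moderator state; an explicit false demotes, true promotes.` Because this path can promote or demote staff silently, the change should also be recorded wherever the project keeps an audit trail of staff changes, if one exists — the hunk shows no such record being written. This all presumes the payload signature was verified before this point; that check, like the start of the enclosing method, is outside the hunk.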
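Review bot: In the new BOOLS branch of `parse`, `["true", "false"].include?(val) ? val == "true" : nil` maps every value other than the two literal strings to nil, so a provider sending `admin=1`, `admin=True` or `admin=False` is silently treated as "not asserted" rather than rejected — fail-safe for a grant, but it means a mis-cased demotion leaves an admin in place without any signal. Document the contract on the branch: `# only the literal strings "true"/"false" are honoured; anything else becomes nil, which the consumer reads as "flag not asserted, leave it unchanged"`. If strictness is intended, raising on an unrecognised value for the admin/moderator keys would make provider misconfiguration visible instead of silent; if leniency is intended, say so in the comment. For consistency with the line above, `BOOLS.include? k` matches `FIXNUMS.include? k`, but both would read better as `include?(k)`. The enclosing `parse` method starts and ends outside the hunk.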
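Review bot: `next if (val = send k) == nil` in `unsigned_payload` compares against nil explicitly, which Ruby style discourages; `next if (val = send k).nil?` reads the same and states the intent. The reason for the change — `false` for the BOOLS accessors must now survive into the signed payload, where the old `next unless` dropped it — is worth a one-line comment, e.g. `# false is a real value for the BOOLS accessors; only nil means "not set"`, so nobody "simplifies" it back. `unsigned_payload` continues past the end of the hunk.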
@@ -65,6 +65,23 @@ describe SessionController do
     logged_on_user.single_sign_on_record.external_username.should == 'sam'
   end
+  it 'allows you to create an admin account' do
+    sso = get_sso('/a/')
+    sso.external_id = '666' # the number of the beast
+    sso.email = 'bob@bob.com'
+    sso.name = 'Sam Saffron'
+    sso.username = 'sam'
+    sso.custom_fields["shop_url"] = "http://my_shop.com"
+    sso.custom_fields["shop_name"] = "Sam"
+    sso.admin = true
+
+    get :sso_login, Rack::Utils.parse_query(sso.payload)
+
+    logged_on_user = Discourse.current_user_provider.new(request.env).current_user
+    logged_on_user.admin.should == true
+
+  end
+
   it 'allows you to create an account' do
     sso = get_sso('/a/')
     sso.external_id = '666' # the number of the beast
@@ -82,6 +99,7 @@ describe SessionController do
     # ensure nothing is transient
     logged_on_user = User.find(logged_on_user.id)
+    logged_on_user.admin.should == false
     logged_on_user.email.should == 'bob@bob.com'
     logged_on_user.name.should == 'Sam Saffron'
     logged_on_user.username.should == 'sam'
@@ -132,7 +150,7 @@ describe SessionController do
     response.should redirect_to("/login")
-    user = Fabricate(:user, password: "frogs", active: true)
+    user = Fabricate(:user, password: "frogs", active: true, admin: true)
     EmailToken.update_all(confirmed: true)
     xhr :post, :create, login: user.username, password: "frogs", format: :json
@@ -147,7 +165,9 @@ describe SessionController do
     sso2.email.should == user.email
     sso2.name.should == user.name
     sso2.username.should == user.username
-    sso2.external_id == user.id.to_s
+    sso2.external_id.should == user.id.to_s
+    sso2.admin.should == true
+    sso2.moderator.should == false
   end
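Review bot: The new 'allows you to create an admin account' example asserts `logged_on_user.admin.should == true` on the in-memory current_user only, whereas the sibling example below reloads with `User.find(logged_on_user.id)` to "ensure nothing is transient"; mirror that here, e.g. `User.find(logged_on_user.id).admin.should == true`, so the test proves the flag was persisted by `user.save!` rather than merely set on the object. There is no example on the login path for the moderator flag, for an existing admin being demoted by `admin=false`, or for an unrecognised value (`admin=1`) leaving the flag untouched — those are the cases where a privilege-granting feature fails dangerously, and they are cheap to add next to this one. The stray blank line before `end` in the new example can be dropped.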