Actions
Idea #12945
closed
Document and test identity provider migration for user accounts
Status:
Duplicate
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
-
Start date:
Due date:
Story points:
0.5
Description
Below is a sketch of the implementation to be tested and documented:
It is possible to change authentication providers for a user account. Examples:- A user’s account is attached to Google account person@old.example.com, but the user now wishes to log in with Google account person@new.example.com instead.
- A user used to log in with LDAP authentication, but now wishes to log in with Google account person@new.example.com instead.
Procedure:
- Determine the user’s existing UUID.
- Clear the identity_url field of the existing user record.
- Add a Link object with the following attributes:
{ "link_class":"permission", "name":"can_login", "tail_uuid":"person@new.example.com", "head_uuid":"aaaaa-tpzed-abcdefghijklmno", "properties":{ "identity_url_prefix":"https://www.google.com/" } }
*Have the user log in using their person@new.example.com Google account.
Updated by Tom Morris almost 7 years ago
- Target version changed from To Be Groomed to Arvados Future Sprints
- Story points set to 0.5
Updated by Tom Clegg almost 7 years ago
- Related to Idea #12705: Documentation/helper scripts for migrating users to federated identity added
Updated by Tom Clegg almost 7 years ago
- Status changed from New to Duplicate
(description above is just an early draft of docs added in #12705)
Updated by Tom Morris almost 7 years ago
- Target version deleted (
Arvados Future Sprints)
Actions