tracker.tmpSWkz4S.org

tracker.tmpSWkz4S.org

@@ -0,0 +1,39 @@
+# Created 2020-09-22 Tue 11:47
+#+TITLE: Work Time Tracker
+#+AUTHOR: Yann Esposito
+* CSA Migration Epic
+
+This issue should be the entry point for all tasks related to CSA Migration
+work to be done in IROH Services.
+
+1. There should be a migration route restricted to admins so all users of
+   the org should be sent a migration email. Should be similar to invites
+   but containing their =user-id= info to update the =idp-mapping=.
+2. Keep track of the old and new =idp-mapping= in the org, can be used to
+   detect if an org has been migrated. We could also add a =migrated?= flag.
+3. Use the old =idp-mapping= of orgs so they could be used by the
+   =claim-aliases= in order not to break SSE and keep saying AMP even after
+   the org migrated to SxSO.
+
+** Tasks
+
+- [ ] Init =idp-mapping= into orgs (right now this is not used)
+  - [ ] Add a migration process that will use users =idp-mappings= with an
+    heuristic to initialize the =idp-mapping= of their org.
+  - [ ] During org creation add the =idp-mapping=.
+- [ ] Create a new system along Invite to enable migration of user to a new
+  IdP (SxSO)
+  - [ ] Create a migration flow that should be similar to the invite flow
+    just this time the =user-id= will also be part of the internal state so
+    when a user login from the new IdP we could update the user instead of
+    creating a new one.
+  - [ ] Create a =org-migrate= route so when I admin click on that one
+    every user of the org receive a migration email. And the route should
+    redirect the user to the migration link for this user so the user will
+    not need to check his mails. We should probably send the email anyway
+    perhaps with a specific message.
+  - [ ] The migration process should change the =idp-mapping= of the org and
+    keep track of an =old-idp-mapping=.
+- [ ] Update the claim alias implentation to use =old-idp-mapping=
+  - [ ] Update all the SSE OpenID Connect clients to use that
+    =old-idp-mapping=.