diff --git a/tracker.tmpSWkz4S.org b/tracker.tmpSWkz4S.org new file mode 100644 index 00000000..ca3792cb --- /dev/null +++ b/tracker.tmpSWkz4S.org 
@@ -0,0 +1,39 @@ +# Created 2020-09-22 Tue 11:47 +#+TITLE: Work Time Tracker +#+AUTHOR: Yann Esposito +* CSA Migration Epic + +This issue should be the entry point for all tasks related to CSA Migration +work to be done in IROH Services. + +1. There should be a migration route restricted to admins so all users of + the org should be sent a migration email. Should be similar to invites + but containing their =user-id= info to update the =idp-mapping=. +2. Keep track of the old and new =idp-mapping= in the org, can be used to + detect if an org has been migrated. We could also add a =migrated?= flag. +3. Use the old =idp-mapping= of orgs so they could be used by the + =claim-aliases= in order not to break SSE and keep saying AMP even after + the org migrated to SxSO. + +** Tasks + +- [ ] Init =idp-mapping= into orgs (right now this is not used) + - [ ] Add a migration process that will use users =idp-mappings= with an + heuristic to initialize the =idp-mapping= of their org. + - [ ] During org creation add the =idp-mapping=. +- [ ] Create a new system along Invite to enable migration of user to a new + IdP (SxSO) + - [ ] Create a migration flow that should be similar to the invite flow + just this time the =user-id= will also be part of the internal state so + when a user login from the new IdP we could update the user instead of + creating a new one. + - [ ] Create a =org-migrate= route so when I admin click on that one + every user of the org receive a migration email. And the route should + redirect the user to the migration link for this user so the user will + not need to check his mails. We should probably send the email anyway + perhaps with a specific message. + - [ ] The migration process should change the =idp-mapping= of the org and + keep track of an =old-idp-mapping=. +- [ ] Update the claim alias implentation to use =old-idp-mapping= + - [ ] Update all the SSE OpenID Connect clients to use that + =old-idp-mapping=.
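Review bot: In the migration-flow task under "Create a new system along Invite", the =user-id= is carried in the internal state so that a login from the new IdP updates the existing user, but the plan never says what binds the person who logs in to that =user-id=. Whoever completes the flow with a given link ends up attached to the existing account, so I suggest adding a task that states which check must pass before the update happens (for example, which claim from the new IdP has to match the stored user) and whether the migration link is single-use and expires. In the =org-migrate= task, "the route should redirect the user to the migration link for this user" is ambiguous: state that only the calling admin's own link is returned, so the route cannot hand one user's link to another. Item 2 leaves "We could also add a =migrated?= flag" open while the tasks only track =old-idp-mapping=; pick one as the source of truth for "has this org migrated". Minor: the file is named tracker.tmpSWkz4S.org and titled "Work Time Tracker" although its content is the CSA Migration Epic, which looks like a temporary export committed by accident; "implentation" and "when I admin click" are typos.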