67 lines
1.8 KiB
Org Mode
67 lines
1.8 KiB
Org Mode
** 2021-W11
|
|
*** 2021-03-16 Tuesday
|
|
**** MEETING DUO QA :work:meeting:
|
|
:LOGBOOK:
|
|
CLOCK: [2021-03-16 Tue 18:29]--[2021-03-16 Tue 19:23] => 0:54
|
|
:END:
|
|
[2021-03-16 Tue 18:29]
|
|
- ref :: [[file:~/dev/iroh/services/iroh-auth/src/iroh_auth/iroh_auth_service/account_selection.clj::\[:span.org-idp (hiccup/h (org-created-via-idp idps account))\]\]]]
|
|
|
|
Automation with Environment.
|
|
|
|
What to do and what not to do.
|
|
|
|
Recap your position Didi.
|
|
|
|
@Didi:
|
|
|
|
think outside of the box.
|
|
Our concerns from the other side.
|
|
Houman conversation.
|
|
|
|
Single Sign On is tested in a specific way.
|
|
We have CI environment.
|
|
Display the profile page and display the dashboard that replace the Okta
|
|
dashboard.
|
|
And provide Okta services.
|
|
Template for email and UI.
|
|
And rather not have touching these things in production.
|
|
|
|
So our dev go in the CI env.
|
|
Flow user creation, webhooks, etc...
|
|
That env is different than previous env.
|
|
|
|
If you need a CI env.
|
|
We recommend people to have their own Okta instance.
|
|
Can have as many Okta instances as we want.
|
|
|
|
2 instances:
|
|
- okta preview meant for developers and code integration.
|
|
IDE with that. CI, Preview, don't use CDN.
|
|
Willing to accept pen testing, etc...
|
|
- staging production environment.
|
|
|
|
|
|
Preview env, is stable at code level.
|
|
There is a level of testing between okta preview and prod.
|
|
|
|
3 options of testing.
|
|
|
|
1. Manually
|
|
2. Set of existing users, we give you a DUO bypass code.
|
|
We need MFA otherwise fake users creation.
|
|
3. Provide MFA in a self-hosted Okta instance.
|
|
Personal MFA to be automated.
|
|
|
|
We plan on enabled Google and not just DUO.
|
|
|
|
@Houman
|
|
|
|
Google would help because we could bypass the MFA section.
|
|
That would be enough for the automatisation part.
|
|
|
|
We can create/delete users automatically.
|
|
|
|
If Google Auth is not a reason.
|
|
Our concern is not the number of users.
|
|
We cannot have an env without MFA.
|