1.9 KiB
1.9 KiB
Work Time Tracker
CSA Migration Epic
This issue should be the entry point for all tasks related to CSA Migration work to be done in IROH Services.
- There should be a migration route restricted to admins so all users of
the org should be sent a migration email. Should be similar to invites
but containing their
user-idinfo to update theidp-mapping. - Keep track of the old and new
idp-mappingin the org, can be used to detect if an org has been migrated. We could also add amigrated?flag. - Use the old
idp-mappingof orgs so they could be used by theclaim-aliasesin order not to break SSE and keep saying AMP even after the org migrated to SxSO.
Tasks
-
Init
idp-mappinginto orgs (right now this is not used)- Add a migration process that will use users
idp-mappingswith an heuristic to initialize theidp-mappingof their org. - During org creation add the
idp-mapping.
- Add a migration process that will use users
-
Create a new system along Invite to enable migration of user to a new IdP (SxSO)
- Create a migration flow that should be similar to the invite flow
just this time the
user-idwill also be part of the internal state so when a user login from the new IdP we could update the user instead of creating a new one. - Create a
org-migrateroute so when I admin click on that one every user of the org receive a migration email. And the route should redirect the user to the migration link for this user so the user will not need to check his mails. We should probably send the email anyway perhaps with a specific message. - The migration process should change the
idp-mappingof the org and keep track of anold-idp-mapping.
- Create a migration flow that should be similar to the invite flow
just this time the
-
Update the claim alias implentation to use
old-idp-mapping- Update all the SSE OpenID Connect clients to use that
old-idp-mapping.
- Update all the SSE OpenID Connect clients to use that