deft/2021-W11.org

• 2021-W11
  • 2021-03-16 Tuesday
    • MEETING DUO QA

2021-W11

2021-03-16 Tuesday

MEETING DUO QA   work meeting

CLOCK: [2021-03-16 Tue 18:29]–[2021-03-16 Tue 19:23] => 0:54

[2021-03-16 Tue 18:29]

ref

/yogsototh/deft/src/commit/9e22d2e31e92886b03e6879c917743600934fdec/~/dev/iroh/services/iroh-auth/src/iroh_auth/iroh_auth_service/account_selection.clj::%5C%5B:span.org-idp%20%28hiccup/h%20%28org-created-via-idp%20idps%20account%29%29%5C%5D%5C]

Automation with Environment.

What to do and what not to do.

Recap your position Didi.

@Didi:

think outside of the box. Our concerns from the other side. Houman conversation.

Single Sign On is tested in a specific way. We have CI environment. Display the profile page and display the dashboard that replace the Okta dashboard. And provide Okta services. Template for email and UI. And rather not have touching these things in production.

So our dev go in the CI env. Flow user creation, webhooks, etc… That env is different than previous env.

If you need a CI env. We recommend people to have their own Okta instance. Can have as many Okta instances as we want.

2 instances:

• okta preview meant for developers and code integration. IDE with that. CI, Preview, don't use CDN. Willing to accept pen testing, etc…
• staging production environment.

Preview env, is stable at code level. There is a level of testing between okta preview and prod.

3 options of testing.

1. Manually
2. Set of existing users, we give you a DUO bypass code. We need MFA otherwise fake users creation.
3. Provide MFA in a self-hosted Okta instance. Personal MFA to be automated.

We plan on enabled Google and not just DUO.

@Houman

Google would help because we could bypass the MFA section. That would be enough for the automatisation part.

We can create/delete users automatically.

If Google Auth is not a reason. Our concern is not the number of users. We cannot have an env without MFA.