Wiki source code of User loggin from MitreId to IAM
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | == Subject == | ||
| 2 | |||
| 3 | this memo is about what should happen when a User from collab1 ( collab.humanbrainproject.eu ) try to login with his user MitreId to Iam | ||
| 4 | |||
| 5 | |||
| 6 | == __**Case 1 :** User has an account in MitreId but not in IAM__ == | ||
| 7 | |||
| 8 | === __**Case 1.1 :**__ User has a personal email ( not institutional ) such as gmail.com === | ||
| 9 | |||
| 10 | When he attemps to loggin on an existing service from the new collab, lets take [[https:~~/~~/wiki.ebrains.eu>>https://wiki.ebrains.eu]] | ||
| 11 | |||
| 12 | Nothing happen, Iam reject it, this username is unknow from IAM, and we don't look for it in MitreId because it's an unauthorized email | ||
| 13 | |||
| 14 | [[image:Screenshot 2020-04-29 at 16.24.42.png||height="278" width="549"]] | ||
| 15 | |||
| 16 | |||
| 17 | **Possible action :** You should Register by Getting Access or ask the support to create you exceptionnaly an account with personal email | ||
| 18 | |||
| 19 | === __**Case 1.2 :**__ User has an institutional email such as epfl.ch === | ||
| 20 | |||
| 21 | ==== __Case 1.2.1 :__ User is accredited SGA2 in the collab v1 ==== | ||
| 22 | |||
| 23 | If the user is accredited SGA2 in the collab1, he will be able to login to iam, but he will have to verify is email | ||
| 24 | |||
| 25 | [[image:Screenshot 2020-04-29 at 16.33.11.png||height="311" width="702"]] | ||
| 26 | |||
| 27 | |||
| 28 | ==== __Case 1.2.2 :__ User is **not** accredited SGA2 in the collab v1 ==== | ||
| 29 | |||
| 30 | The user will be created in IAM, but he won't have the access to xwiki or other service related to the collaboratory. | ||
| 31 | |||
| 32 | He will see this page | ||
| 33 | |||
| 34 | [[image:Screenshot 2020-04-29 at 16.24.22.png||height="345" width="683"]] | ||
| 35 | |||
| 36 | **Possible action :** | ||
| 37 | |||
| 38 | * Get SGA2 accreditation in collab1 and try to login again | ||
| 39 | * in iam, put the user in his institution group or add manually to the user the role collaboratory_member | ||
| 40 | |||
| 41 | == __**Case 2 :** User has an account in MitreId **and** in IAM or just in IAM__ == | ||
| 42 | |||
| 43 | At this point, it doesn't matter if the user have an account in MitreId, and if he is or not accredited. | ||
| 44 | |||
| 45 | We already have some users with personnal email for historic reason ( auto import of accredited SGA2 users from collab1 ) | ||
| 46 | |||
| 47 | Theses users all belong to the unit call **imported**, this unit has for now ( **exceptionally** ) the role **collaboratory_member** so they can access wiki.ebrains.eu, they will just have to verify there email. **After testing, it appears that personnal email receive well the verification email so it works !** | ||
| 48 | |||
| 49 | (% style="color:#e74c3c" %)**There is no possible scenario currently for users with personnal email to not be in the imported group, so they should all have access to wiki, except for those handmade created after a support request. Users created from a support request should be put in the appropriate unit with the appropriate access case by case.** | ||
| 50 | |||
| 51 | |||
| 52 | |||
| 53 |