Overview:
Currently, any user initiating a first-time SSO login with an identifier that already exists in the custodian org triggers an automatic migration of that account from the custodian org to the state tenant. This can migrate the wrong account; to avoid that, the user's acknowledgment is required before migration.
If the user is found to match an account in the custodian org when they log in via SSO for the first time, the user should be prompted about the existence of the duplicate account and asked whether the account belongs to them.
...
The account auto-merge workflow should be handled in the portal front end and the portal backend. Because automatic migration from the custodian org to the state tenant can migrate the wrong account, the user's acknowledgment is required.
...
Approach:
...
Step 5: The user re-enters the password. If the password is correct, initiate account migration; otherwise create a new account for the user.
Solution 2
Use the manual merge flow for the auto-merge case as well.
Conclusions after first design discussion
- Ask PM to verify the message on the cancel and merge screens.
- Check that the same design also works for the mobile team.
- Encrypt the user's identifier (email or phone number) and the state token after the OTP is verified, send them to Keycloak, and receive the same value back.
- Before calling the migrate API, check that the same user is merging: take the token from step 3, decrypt the encrypted details, and validate that the email address in the decrypted data matches the email id in the token generated after sign-in.
- Send complete. Do we really need a subdomain? If yes, log off the other user's account and create a session for the state user token on the Keycloak server.
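The two conclusions above (seal the identifier and state token after OTP verification, then verify the same user before calling the migrate API) are the control that stops an SSO identifier collision from migrating someone else's account. The following is an added illustration, not the portal's or Keycloak's own code. It assumes AES-256-GCM as the encryption primitive (the notes only say "encrypt"), a key supplied by the backend's secret store, and the function and field names `SealPendingMerge`, `OpenPendingMerge`, `AuthorizeMigration` and `PendingMerge`, all hypothetical. The identifier comparison is normalized and constant-time; any tampering with the sealed value, or a mismatch between the sealed identifier and the signed-in identifier, yields "do not migrate" (the error-message screen in the notes).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// PendingMerge is the payload sealed after OTP verification and handed to the
// IdP, to be returned unchanged. Hypothetical structure, not the portal's own.
type PendingMerge struct {
	Identifier string `json:"identifier"`  // email or phone matched in the custodian org
	StateToken string `json:"state_token"` // state tenant token captured at step 3
}

// normalize makes identifier comparison case- and whitespace-insensitive.
func normalize(id string) string {
	return strings.ToLower(strings.TrimSpace(id))
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealPendingMerge encrypts and authenticates the identifier and state token
// with AES-GCM so the backend can later prove the value it receives back is
// the one it issued. Output is nonce || ciphertext || tag, base64url encoded.
func SealPendingMerge(key []byte, identifier, stateToken string) (string, error) {
	plaintext, err := json.Marshal(PendingMerge{Identifier: normalize(identifier), StateToken: stateToken})
	if err != nil {
		return "", err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, plaintext, nil)
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// OpenPendingMerge decrypts a sealed value; a modified or wrong-key value fails
// authentication here instead of silently yielding a different identifier.
func OpenPendingMerge(key []byte, sealed string) (PendingMerge, error) {
	var pm PendingMerge
	raw, err := base64.RawURLEncoding.DecodeString(sealed)
	if err != nil {
		return pm, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return pm, err
	}
	if len(raw) < aead.NonceSize() {
		return pm, errors.New("sealed value too short")
	}
	nonce, ct := raw[:aead.NonceSize()], raw[aead.NonceSize():]
	plaintext, err := aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return pm, errors.New("sealed value failed authentication")
	}
	if err := json.Unmarshal(plaintext, &pm); err != nil {
		return pm, err
	}
	return pm, nil
}

// AuthorizeMigration is the check to run before calling the migrate API: the
// identifier sealed after OTP must equal the identifier in the token issued
// after sign-in. false means show the error screen and do not migrate.
func AuthorizeMigration(key []byte, sealed, signedInIdentifier string) (bool, error) {
	pm, err := OpenPendingMerge(key, sealed)
	if err != nil {
		return false, err
	}
	a, b := []byte(pm.Identifier), []byte(normalize(signedInIdentifier))
	return subtle.ConstantTimeCompare(a, b) == 1, nil
}

func main() {
	key := make([]byte, 32) // in production this comes from the secret store
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	// Constructed sample values for the walk-through.
	sealed, _ := SealPendingMerge(key, "Jane.Doe@example.com", "state-token-constructed")
	ok, err := AuthorizeMigration(key, sealed, "jane.doe@example.com")
	fmt.Println("same user, migrate:", ok, err)
	ok, err = AuthorizeMigration(key, sealed, "someone.else@example.com")
	fmt.Println("different user, migrate:", ok, err)
}
```

Keep the key outside the request path and rotate it with the rest of the backend secrets; the sealed value carries no expiry here, so the backend should additionally bind it to the login session (or add an issued-at field) so a stale value cannot be replayed into a later merge.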
Questions for PM
- Verify the message on the cancel and merge screens - Rajeev discussed this; the same will be changed by PM.
- If the username from the state token and the Keycloak auth token are different, what error message and screen should be shown? - An error message should be shown on the error message screen.
- Check whether we can use the manual merge screens with the username field pre-filled and not editable by the user.
...