Overview:
Currently, any user initiating a first-time SSO login with an identifier that already exists in the custodian org triggers an automatic migration of the account from the custodian org to the state tenant. This can cause an erroneous migration; to avoid it, the user's acknowledgment is required.
If the user is found to match an account in the custodian org when logging in via SSO for the first time, the user should be told that a duplicate account exists and asked whether the account belongs to them.
...
The account auto-merge workflow should be handled in the portal front end and portal backend. An automatic migration of the account from the custodian org to the state tenant can cause an erroneous migration; to avoid it, the user's acknowledgment is required.
Approach:
...
- Verify the message on the cancel and merge screen - Rajeev discussed; the same will be changed by the PM.
- If the username from the state and the Keycloak auth token are different, what error message and screen should be shown? - Need to show the error message on the error message screen.
- Check if we can use the manual merge screens with the username field already filled in and not editable by the user.
Issues with mobile team:
- The mobile team will send client_id='android' when the SSO flow starts; the portal will capture this parameter and it will be sent to all flows.
- The mobile team will capture the code (after successful login via Keycloak) and store it; if the migration succeeds, generate a new session from the code and log the user in, else close the flow.
- For Google sign-in, everything will be sent as a parameter.
UI Screens
Verify user via email or phone
...