Active Directory

[anexact]

MB posed question to IT officer CCh as follows:

Option 1 (preferred): Federation Services https://technet.microsoft.com/en-us/library/gg188612.aspx https://aws.amazon.com/blogs/mobile/announcing-saml-support-for-amazon-cognito/

Option 2 (less preferred): Passport Approach https://www.npmjs.com/package/passport-activedirectory

[LucieGueuning]

OPERATOR - ACTIVE DIRECTOR.xlsx

[LucieGueuning]

Confirm and double-check with Office 365 Support Team that 'password never expire'

[LucieGueuning]

to be done by Monday 19th of March (at least three permissions: viewers, operators, admin).

[matthewberryman]

@LucieGueuning just noting that this code is in dev branch but there are some logistical things and configuration things I need to work through with you and Richard before I activate it. For now it is working with the test login on our test site.

[LucieGueuning]

Great! do you want me to arrange a Skype call? or should I include Richard on the call tomorrow? Please let me know.

[matthewberryman]

No need to include Richard on the Skype call / have a separate one, can follow up by email (I have sent one to both of you with some follow up actions).

Sent from my iPhone

On 12 Mar 2018, at 21:01, Lucie Gueuning notifications@github.com<mailto:notifications@github.com> wrote:

Great! do you want me to arrange a Skype call? or should I include Richard on the call tomorrow? Please let me know.

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHubhttps://github.com/MSFREACH/msf-reach/issues/57#issuecomment-372254324, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ACLqbuqZuokFOEI1eGvnU-ls1a8NbrBsks5tdkeIgaJpZM4O9CHi.

[LucieGueuning]

Ok, well noted. Thanks Matthew.

[LucieGueuning]

Great. Working well on production environment. To confirm:

• every users on the Operators group can access REACH (https://msf-reach.org/) with MSF credentials?
• For viewers as default: when that can be done? I confirmed that on the front-end of REACH: everything is the same, except all button (following list), need to have no hyperlink but a message saying: 'You do not have permission to use this button. Please contact us (mailto:lucie.gueuninghongkong.msf.org) to grant the requested permission. Thanks.'
  1. the 'edit' button on event page
  2. to confirm report on 'report' tab table.
  3. disabling double click for event creation

Does that make sense?

[matthewberryman]

• every users on the Operators group can access REACH (https://msf-reach.org/) with MSF credentials?

Correct.

• For viewers as default: when that can be done? I confirmed that on the front-end of REACH: everything is the same, except all button (following list), need to have no hyperlink but a message saying: 'You do not have permission to use this button. Please contact us (mailto:lucie.gueuninghongkong.msf.orghttp://lucie.gueuninghongkong.msf.org/) to grant the requested permission. Thanks.'

  1. the 'edit' button on event page
  2. to confirm report on 'report' tab table.

That message won’t fit in the space of the buttons. It would be simpler maybe to just have an alert reminder pop up, and/or hide them (bearing in mind we discussed having a modal pop up on login to the system stating just that, in addition to any possible alerts).

Plus there are other UI things that need to change too, for example disabling double click for event creation.

@anexact

Sent from my iPhone

On 14 Mar 2018, at 22:53, Lucie Gueuning notifications@github.com<mailto:notifications@github.com> wrote:

Reopened #57https://github.com/MSFREACH/msf-reach/issues/57.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHubhttps://github.com/MSFREACH/msf-reach/issues/57#event-1520745483, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ACLqbmY7PKF3J1s02SY1I1OYwpU9KTHFks5teQSZgaJpZM4O9CHi.

[LucieGueuning]

ok good idea for having an alert reminder pop up, not hiding them. Go for it.

[LucieGueuning]

test with my gmail address: this is FYI. After adding me to the Operators group as guest (gmail address) For people outside the organisation, like TIC people for example. They will need to have a log in thanks to Cognito right?

[matthewberryman]

@LucieGueuning correct we will need to set up a separate environment (using Cognito for login), which can point to the same database.

[matthewberryman]

Just noting https://github.com/MSFREACH/msf-reach/issues/279 is issue for external parties.

[matthewberryman]

@LucieGueuning Just noting that double clicking still brings up event creation modal, and report status still shows up as a drop-down list, but as you go to confirm event / change status it will then pop up the modal. This is too much work in current phase to implement (I have other more pressing things) plus leaving it that way shows the functionality off even if people don't have access.

[LucieGueuning]

too much work to implement what? I don't understand, sorry

[matthewberryman]

Too much work to implement checks and changes to turn off the edit buttons and dropdowns client side.

[LucieGueuning]

need to be done, because it was open on time.

Thanks

[anexact]

This is a bad decision; please do not change it client side because it then doesn't show what the system can do. @LucieGueuning please put this on Monday agenda to discuss. (( Overall, IMO I think these types of decisions in the GitHub should be made more strategically and carefully so that the actual outcome is desirable for the platform, not because they were or were not put on a list at some point. ))

[LucieGueuning]

ok for being on the agenda on Monday

[matthewberryman]

Yes @luciegueuning we’d talked subsequently about leaving this aspect of it as is to show off those features (while not allowing submission of changes) and that seemed acceptable at the time. Please discuss further with @anexact Monday. The rest of this feature request is done.

[LucieGueuning]

linked to 'person in charge' field