NHSDigital / DataDictionaryPublication

Apache License 2.0

OpenID Setup - MFA #568

Open NellySSJ opened 2 months ago

NellySSJ commented 2 months ago

This will allow Mauro users to log in with the NHSE credentials. Authentications and Passwords will be managed outside of Mauro.

NellySSJ commented 2 months ago

Logged with the Technology Strategy, Architecture and Standards team. Spoke with Carlos Trigoso (Lead Enterprise Architect – Identity and Access Management) regarding this, and he has subsequently approved the request. He directed me to Matthew Brownhill (Senior Technical Architect); awaiting feedback on next steps.

NellySSJ commented 1 month ago

Received the OpenID configuration details. Needs to be applied by an Administrator of Mauro.

NellySSJ commented 1 month ago

Have run the configuration with Peter, and it looks like the Mauro side is complete (on the dev environment only for now).

Authorisation is failing to the NHS side. The URI provided to IT was incorrect; in addition, the error message refers to a permissions issue. Sent the issues encountered back to IT contacts to investigate.

NellySSJ commented 1 month ago

This is now ready to test on the Dev environment.

AngelaFaulding commented 1 month ago

From Naresh:

It looks like SSO has been set up on the Dev server. There is now a new option to log in, 'NHS England'. Clicking on this should sign a user in without entering a username and password. I have just tested and it logged me in.


In order for this to work, a user must have an account in Mauro and be added to the following security group - T1510.sg.Mauro. We can request users to be added to the security group by contacting the normal IT inbox. Currently the following have been added: naresh.toora@nhs.net, angela.faulding@nhs.net, kate.palmer-lilley@nhs.net, jane.mosley@nhs.net, sahed.mayet@nhs.net.

PALMER-LILLEY, Kate (NHS ENGLAND - X24) and FAULDING, Angela (NHS ENGLAND - X26), can you test to see whether this works for you both? BOWRING, Steve (NHS ENGLAND - X26), I have put a request into IT to get you added to the group just now; it would be a good test.

AngelaFaulding commented 1 month ago

@NellySSJ - Kate and I have tested this. It worked OK for Mauro but not the Orchestrator. I received this error:

image

AngelaFaulding commented 1 month ago

I have signed into the Orchestrator in the old way.

KatePalmerLilley commented 2 weeks ago

  1. A new process/wiki is required to give access to Mauro - @NellySSJ @AngelaFaulding
  2. Work instructions need to be updated (new starter etc.)