Closed johnclary closed 3 years ago
Generated the new certs and updated One Password. Sent email to CTM to schedule update and any further prep.
sent followup email to CTM
Met with CTM. Set meeting to test ATD Forms and Banners apps with new certificates tomorrow.
Sent list of apps we need Identity Provider certs for.
Scheduled time Friday to update certificates for remaining apps. updated one pass with IP certs.
All SSO enabled apps now have updated certificates and if they had incorrect credentials such as ID Property or Issuer, they were also updated.
Any apps that were not new were resulting in a Public Cert Error so we had to recreate those instances in Azure AD. This also resolved a couple conflicts with the TDS, Data Tracker, and Finance apps.
If an app had old or incorrect SSO JS code it was updated. CSS code will need to be updated across apps so SSO buttons look the same, I only updated some apps.
Certs are set to expire 2 years from now and its unclear if app instances will need to be recreated again or not when the time comes. Its safe to assume that when we change certs again in 2 years that unless authentication changes between Azure and Knack, that all app instances will need to be recreated with updated metadata to create a new IP Cert.
All IP Certs have been updated in One Pass
Will set those Expiration Calendar reminders on Monday
Sent meeting invite to team for 30 day expiration notice in 2023.
Added 2 calendar events to Data calendar.
Cert Dates are in One Pass
Will create a new issue for updating the SSO documentation.
Process took about 3 hours working with CTM. Perhaps in the future we'll schedule the outage for 3 hours.
Todo:
During the maintenance window:
After maintenance is complete: