OKTA for enterprise MVP

[codecovdesign]

Context: Codecov has previously offered Okta login for our dedicated namespace cloud customers.

Problem to Solve

Currently, Codecov's cloud offering lacks the ability to authenticate users via Okta, which is sometimes a limitation/barrier for organizations that rely on Okta for managing user access and security to use Codecov. Providing Okta login for our cloud users will help address this gap, enhancing our product's appeal to security-conscious organizations and sales offering.

Solution

Scope: implementing Okta login using OpenID Connect (OIDC) initially

• SAML (security assertion markup language) is NOT is scope for this initial iteration

  • There are two user flows in the organization:

    • admin, github admin may access the codecov UI to enter okta credentials
    • member, any organization members logging into codecov must be authenticated

view designs

next steps / timelines (6/10)

• platform doing accounts modeling, which are almost finalized and billing (where there could be multiple organizations)
  • currently looking at permissions and authentications model + adding apis for okta configurations
  • Platform lead: @michelletran-codecov
  • related epic: https://github.com/codecov/engineering-team/issues/1533
• applications looking into this in sprint 143
  • Application lead: @RulaKhaled

okta screenshots


### Platform
- [ ] https://github.com/codecov/engineering-team/issues/1533
- [ ] https://github.com/codecov/engineering-team/issues/1743
- [ ] https://github.com/codecov/engineering-team/issues/1745
- [ ] https://github.com/codecov/engineering-team/issues/1987
- [ ] https://github.com/codecov/engineering-team/issues/1988
- [ ] https://github.com/codecov/engineering-team/issues/1992

### Applications
- [ ] https://github.com/codecov/engineering-team/issues/1857
- [ ] https://github.com/codecov/engineering-team/issues/1982
- [ ] https://github.com/codecov/engineering-team/issues/1979
- [ ] https://github.com/codecov/engineering-team/issues/1980
- [ ] https://github.com/codecov/engineering-team/issues/1981
- [ ] https://github.com/codecov/engineering-team/issues/1983
- [ ] https://github.com/codecov/engineering-team/issues/1984
- [ ] https://github.com/codecov/engineering-team/issues/1985

[codecovdesign]

from slack @rohan-at-sentry @trent-codecov only OIDC in scope for initial iteration (not saml)