📟 Assess Impact on PagerDuty SSO

[connormaglynn]

👀 Purpose

• To assess the impact of decommissioning Google Workspace on end users that make use of PagerDuty SSO for the Ministry of Justice Pager Duty instance
• To ensure the Project Team undertaking the decommissioning work is aware of any risks and issues related to PagerDuty SSO
• To ensure Operations Engineering is aware of any risks and issues related to PagerDuty SSO

✅ Definition of Done

• [x] Architectural/process diagram(s), which details the current components and process required to complete PagerDuty SSO As Is, has been created
• [x] Risks to existing users currently using PagerDuty SSO have been documented and assessed
• [x] Risks to new users joining PagerDuty have been documented and assessed
• [x] If any risks are identified, additional tickets have been created to address the risk

📓 Notes

• SSO settings in PagerDuty can only be accessed by the Account Owner, of which there can only be one. The team is aware of who the account owner is, but they will most likely need to be consulted to complete this work

[levgorbunov1]

[levgorbunov1]

Contacted drobertson@pagerduty.com to see if they manage whitelist for us?

[levgorbunov1]

GitHub social connection in Auth0 links to DockerSSO OAuth application in GitHub, why? - Lazy reuse of origin OAuth application, used for DockerSSO, due to Auth0 restriction of only allowing 1 GitHub social connection.

[levgorbunov1]

[levgorbunov1]

Waiting on PagerDuty to get back to us.

[levgorbunov1]

Anyone with a business domain i.e. not a personal gmail, yahoo, hotmail etc. account can login via SSO. We are not restricting by domain.

[levgorbunov1]

[levgorbunov1]

Creating ticket to patch this vulnerability

[levgorbunov1]

Current system would be unaffected by Google Workspace decomissioning.