User:Hwine/Heroku SSO Cutover: Difference between revisions
Jump to navigation
Jump to search
(draft) |
No edit summary |
||
| Line 1: | Line 1: | ||
wiki page draft | |||
NOTE: This page is only for a temporary project in June/July of 2020. | |||
Requirements for SSO Login to Heroku | |||
To continue usage of the Mozilla Heroku account, all users will need to use an email address associated with a Account which has all of the following attributes: | |||
* Linked to an identity that uses MFA for login (Firefox Account or GitHub) | * Linked to an identity that uses MFA for login (Firefox Account or GitHub) | ||
* Complete the | * Complete the NDA application process | ||
* Accepted for membership in the <code>heroku-members</code> access group. | |||
== Process == | |||
This process has a few pitfalls, so please be careful and double check as you go through it. Pay very close attention to the terminology: | |||
; '''''Heroku account identifier (HAI)''''' | |||
: the email address you provide to the Mozilla IAM system, when logging into Heroku | |||
'''NOTE:''' Completing this process will ''permanently'' and ''irrevocably'' designate Mozilla SSO as the authorization provider for Heroku for that HAI. | |||
We ''strongly'' recommend that you do not use your main email address as your HAI. Most folks will be able to use a “[https://en.wikipedia.org/wiki/Email_address#Subaddressing plus address]” as their HAI, and the steps below assume that. | |||
# Pick your HAI as a variation of an existing email address. E.g. <code>chris+moz_sso@example.com</code> | |||
# Create a Mozillians.org account using the HAI. | |||
# Create a Firefox Account. One way is to sign up for [https://monitor.firefox.com/ Firefox Monitor], using the “Sign In” link on that site. | |||
# Configure your [https://support.mozilla.org/en-US/kb/secure-firefox-account-two-step-authentication Firefox Account to use MFA]. | |||
# Apply for [https://wiki.mozilla.org/NDA NDA] status. | |||
# Apply for membership in the <code>heroku-members</code> group. | |||
# Log into [https://sso.heroku.com/saml/mozillacorporation/init Heroku via SSO] using your HAI. | |||
# Request that all permissions from your old account be transferred to your new account. | |||
# Transfer ownership of any apps you own from your old account to your new account. | |||
# In your old account [https://help.heroku.com/1AJ2ZAQ6/how-do-i-remove-myself-from-a-heroku-team remove yourself from the team]. | |||
Revision as of 23:40, 15 June 2020
wiki page draft
NOTE: This page is only for a temporary project in June/July of 2020.
Requirements for SSO Login to Heroku
To continue usage of the Mozilla Heroku account, all users will need to use an email address associated with a Account which has all of the following attributes:
- Linked to an identity that uses MFA for login (Firefox Account or GitHub)
- Complete the NDA application process
- Accepted for membership in the
heroku-membersaccess group.
Process
This process has a few pitfalls, so please be careful and double check as you go through it. Pay very close attention to the terminology:
- Heroku account identifier (HAI)
- the email address you provide to the Mozilla IAM system, when logging into Heroku
NOTE: Completing this process will permanently and irrevocably designate Mozilla SSO as the authorization provider for Heroku for that HAI.
We strongly recommend that you do not use your main email address as your HAI. Most folks will be able to use a “plus address” as their HAI, and the steps below assume that.
- Pick your HAI as a variation of an existing email address. E.g.
chris+moz_sso@example.com - Create a Mozillians.org account using the HAI.
- Create a Firefox Account. One way is to sign up for Firefox Monitor, using the “Sign In” link on that site.
- Configure your Firefox Account to use MFA.
- Apply for NDA status.
- Apply for membership in the
heroku-membersgroup. - Log into Heroku via SSO using your HAI.
- Request that all permissions from your old account be transferred to your new account.
- Transfer ownership of any apps you own from your old account to your new account.
- In your old account remove yourself from the team.