🔐 Implement a Standard SSO Architecture Across All Third Party Tools #4869

Open
10 tasks
connormaglynn opened this issue Sep 27, 2024 · 0 comments
Comments

connormaglynn commented Sep 27, 2024

👀 Purpose

  • To simplify security auditing of Third Party Tooling by standardising the authentication/authorisation process for new and existing users.
  • To increase security by using Enterprise Identity Providers for SSO connections, which have a more formal JML process
  • We have agreed as a team to use a standard architecture for authentication and authorisation (see below). This architecture is currently implemented for GitHub SSO, for example.
    [Image: diagram of the standard SSO architecture]

✅ Definition of Done

  • ⚠️ The standard SSO architecture may not be possible to implement in all tools. Where this is not possible, we should document centrally the current authentication/authorisation process for the tool - and detail any blockers in enabling the Standard SSO Architecture
  • 🐳 Docker SSO Implements The Standard SSO Architecture
  • 🔑 1Password SSO Implements The Standard SSO Architecture
  • 🏓 Pingdom SSO Implements The Standard SSO Architecture
  • 📟 PagerDuty SSO Implements The Standard SSO Architecture
  • ⛅️ SonarCloud SSO Implements The Standard SSO Architecture
  • 🖥️ Sentry SSO Implements The Standard SSO Architecture
  • 🟢 CircleCI SSO Implements The Standard SSO Architecture
  • 🔐 Auth0 SSO Implements The Standard SSO Architecture
  • 🗺️ OSDataHub SSO Implements The Standard SSO Architecture

📓 Notes

  • Template Spreadsheet to be used to document whether a tool has implemented the standard SSO architecture and note any deviations and justifications.
  • Both Enterprise Google Workspace and Enterprise Azure AD connections already exist in our Auth0 Tenant. For each tool, we should only need to create an Application in Auth0, enable both connections and plug the Application details into the service.
  • GitHub (ministryofjustice) SSO has already implemented the standard architecture. GitHub (moj-analytical-services) has not implemented the standard architecture, but we have a separate milestone to complete this work: Single Sign-On for Analytical Services GitHub Organisation
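The notes above describe the intended end state (one Auth0 Application per tool, with both enterprise connections enabled) and a spreadsheet for recording deviations. The following is an added example, not code from the issue or from the ministryofjustice repositories, of how that check can be automated: it takes the JSON you get back from the Auth0 Management API (`GET /api/v2/clients` and `GET /api/v2/connections`) and reports, per application, which required enterprise connections are missing and which non-enterprise connections (such as the local username/password database) are still enabled. The client and connection records below are constructed sample data; the strategy identifiers `google-apps` (Google Workspace) and `waad` (Azure AD) and the `enabled_clients` field are assumed to match the Auth0 API shape.

```python
"""Audit which Auth0 applications implement the standard SSO architecture.

Added example, not code from the issue or the ministryofjustice repos.
Assumes the JSON shapes returned by the Auth0 Management API
(GET /api/v2/clients and GET /api/v2/connections): each connection carries a
`strategy` ("google-apps" for Google Workspace, "waad" for Azure AD) and an
`enabled_clients` list of client_ids. All sample data below is constructed.
"""
from __future__ import annotations

# The two enterprise connections every tool's Application must have enabled.
REQUIRED_STRATEGIES = ("google-apps", "waad")

# Constructed stand-in for GET /api/v2/clients
SAMPLE_CLIENTS = [
    {"client_id": "c_github", "name": "GitHub (ministryofjustice)", "app_type": "regular_web"},
    {"client_id": "c_pagerduty", "name": "PagerDuty", "app_type": "regular_web"},
    {"client_id": "c_sentry", "name": "Sentry", "app_type": "regular_web"},
    {"client_id": "c_mgmt", "name": "Terraform (M2M)", "app_type": "non_interactive"},
]

# Constructed stand-in for GET /api/v2/connections
SAMPLE_CONNECTIONS = [
    {"name": "google-workspace", "strategy": "google-apps",
     "enabled_clients": ["c_github", "c_pagerduty"]},
    {"name": "azure-ad", "strategy": "waad",
     "enabled_clients": ["c_github"]},
    {"name": "Username-Password-Authentication", "strategy": "auth0",
     "enabled_clients": ["c_sentry", "c_pagerduty"]},
]


def audit(clients, connections, required=REQUIRED_STRATEGIES):
    """Return {application name: {"missing": [...], "extra": [...]}}.

    'missing' lists required enterprise strategies not enabled for the app.
    'extra' lists any other connection strategies still enabled, which let
    users log in outside the enterprise IdP's joiners/movers/leavers process.
    Machine-to-machine (non_interactive) apps have no user login and are skipped.
    """
    strategies_by_client: dict[str, set[str]] = {}
    for conn in connections:
        for cid in conn.get("enabled_clients", []):
            strategies_by_client.setdefault(cid, set()).add(conn["strategy"])

    report = {}
    for client in clients:
        if client.get("app_type") == "non_interactive":
            continue
        enabled = strategies_by_client.get(client["client_id"], set())
        report[client["name"]] = {
            "missing": [s for s in required if s not in enabled],
            "extra": sorted(enabled - set(required)),
        }
    return report


def compliant(report):
    """Names of applications that match the standard architecture exactly."""
    return sorted(n for n, r in report.items() if not r["missing"] and not r["extra"])


def deviations(report):
    """Subset of the report that needs a justification in the tracking spreadsheet."""
    return {n: r for n, r in report.items() if r["missing"] or r["extra"]}


def spreadsheet_rows(report):
    """Flatten the report into (tool, standard_sso, missing, extra) rows."""
    return [
        (name, "yes" if not r["missing"] and not r["extra"] else "no",
         ",".join(r["missing"]), ",".join(r["extra"]))
        for name, r in sorted(report.items())
    ]


if __name__ == "__main__":
    result = audit(SAMPLE_CLIENTS, SAMPLE_CONNECTIONS)
    for row in spreadsheet_rows(result):
        print("\t".join(row))
```

Against real data, replace the two sample lists with the parsed responses from the Management API (a token with `read:clients` and `read:connections` scopes is enough); the `extra` column is the one to watch, since a tool that has both enterprise connections enabled but still accepts database logins has not actually moved its JML process to the IdP.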