This page describes how to enable users to use more than one upstream identity provider to log into the same Arvados account. This can be used to migrate account providers, for example, from LDAP to Google. In order to do this, users must be able to log into both the “old” and “new” providers.
application.yml for the SSO server, you can enable both
production: google_oauth2_client_id: abcd google_oauth2_client_secret: abcd use_ldap: title: Example LDAP host: ldap.example.com port: 636 method: ssl base: "ou=Users, dc=example, dc=com" uid: uid username: uid
Restart the SSO server after changing the configuration.
If the new account provider supplies an email address (primary or alternate) that matches an existing user account, the user will be logged into that account. No further migration is necessary, and the old provider can be removed from the SSO configuration.
If the new provider cannot provide matching email addresses, users will have to migrate manually by linking accounts
After linking accounts, users can use the new provider to access their existing Arvados account.
Once all users have migrated, the old account provider can be removed from the SSO configuration.
The content of this documentation is licensed under the
Commons Attribution-Share Alike 3.0 United States licence.
Code samples in this documentation are licensed under the Apache License, Version 2.0.