Register Azure applications for DataHub #58

Open
5 of 6 tasks
tom-webber opened this issue Jan 15, 2024 · 5 comments
Labels
DataHub Issues relating to DataHub - https://datahubproject.io/


tom-webber commented Jan 15, 2024

User Story

As an Azure AD (AAD) evangelist
I need to register DataHub as an app in AAD
So that users can Auth via AAD to log into DataHub

Proposal

Configuring Azure Authentication for React App (OIDC)

Register an app in the AAD portal.

There is already an app named as 'data-platform-datahub-development', so maybe name the new one 'data-platform-datahub-dev'?

May be worth checking with @julialawrence precisely which permissions are required for DataHub. It is not clear whether we need User.Read, or if we need User.Read.All or some combination of the permissions on the existing data-platform-datahub-development app.

This app will likely use client credential flow for login, whereby the DataHub instance stores the client secret.

Determine whether the frontend app we're creating will reuse this same auth flow (very likely), and if so, if there are any other scopes required to handle this.

Once this is registered with the desired scopes, you'll need to post in the #staff-identity-authentication-services channel to ask for admin approval of the app (all apps require admin approval now, regardless of which permissions they need).

Definition of Done

Example

  • App registered in AAD
  • Required permissions are attached to the app
  • Admin approval requested
  • Admin approval granted
  • DataHub auth flow tested and working
  • (maybe) Custom front end flow tested and working
@tom-webber tom-webber added enhancement DataHub Issues relating to DataHub - https://datahubproject.io/ labels Jan 15, 2024
@mitchdawson1982 mitchdawson1982 self-assigned this Jan 15, 2024
@mitchdawson1982

Not sure on the normal timeline for approvals on this type of request but I have given a nudge to the Azure admin that has picked this up via the slack channel.

@mitchdawson1982

Jacob Khoo confirmed he is raising a change for Tuesday CAB to perform the admin approval implementation this week.


mitchdawson1982 commented Jan 30, 2024

I had raised this with Matt W for approval to avoid the need for a CAB change; however, Matt hasn't as yet responded. I have therefore agreed with Jacob Khoo the following:

  • Jacob to recreate the app in their dev environment based on the current app settings.
  • Jacob to provide necessary credentials and example dev user accounts to test with.
  • Once testing has been completed successfully, Jacob will raise the necessary change for implementation in live.
  • Jacob will implement the change in live and provide us with the necessary credentials to validate it is working as expected.


mitchdawson1982 commented Feb 1, 2024

  • Tested successfully on 31/1/24, change has been raised for implementation.
  • 6/2/24 CAB approval obtained, raised for implementation on 8/2/24
  • Implemented 8/2/24 and tested on 9/2/24


This issue is being marked as stale because it has been open for 60 days with no activity. Remove stale label or comment to keep the issue open.

@moj-data-platform-robot moj-data-platform-robot transferred this issue from ministryofjustice/analytical-platform Apr 25, 2024
Projects
Status: Done ✅