Upcoming Migration from LDAP to SSO Authentication for RDKM Managed Applications

Dear RDK Community Members,

We want to inform you about an important upcoming change: we will be migrating from LDAP authentication to Single Sign-On (SSO) for all RDKM Managed applications, including:

By the end of December 2024, all RDKM members will need to use SSO authentication to access these applications. This migration will introduce email-based authentication, meaning custom usernames will no longer be used. Instead, your email address used for registering RDK Central account will serve as your login identifier.

We plan to execute a staged rollout, where each application will transition from LDAP to SSO authentication on a biweekly basis. During this period, it is important for all members to start using SSO, as LDAP authentication will be phased out once the migration is complete.

As we approach the migration date, we will provide detailed instructions to ensure a smooth transition. Please stay tuned for further updates and steps to take.

Thank you for your cooperation and support as we make this enhancement to our authentication process


What is SSO ?

It's an authentication process that allows a user to access multiple applications or services with one set of login credentials. Instead of remembering different usernames and passwords for each service, users log in once and gain access to all interconnected systems.

This improves user convenience and enhances security by reducing the number of passwords that need to be managed. SSO is commonly used in enterprise environments for secure application authentication


The SSO migration will take place in two phases:


Phase 1: Initial Rollout for Wiki and Jira

  • Date: November 9
  • Details: Starting November 9, both Wiki and Jira will require SSO, meaning you’ll need to log in using your email address. 


Interim Period (November 9-29)
During this time, Gerrit, Artifactory, and Jenkins will still be accessible using the current custom username and password setup.


Phase 2: Full Migration for All Applications

  • Date: November 30
  • Details: Beginning November 30, we will expand SSO to Gerrit, Artifactory, and Jenkins, completing the migration for all RDKM applications. From this date onward, email-based authentication will be required to access all RDKM applications.


For more info and queries, please refer the below FAQs.


Migration will happen in two phases. First phase will happen on Nov 9th and second phase will happen on Nov 23rd. First phase will cover only RDK Wiki and Jira applications. Second phase will cover the rest of the applications like CMF, Artifactory and Jenkins.


In Phase 1 of the migration, only Jira and Wiki will transition to SSO. Starting November 9th, when you access Jira or Wiki, you'll be required to set up an new password and enable MFA.

For other applications, including CMF, Jenkins, and Artifactory, you will still use your LDAP password until Phase 2, which is scheduled for completion by November 23rd


No worries—we’ll notify all existing users! After the SSO migration, we will send an email with a link to set up your password and MFA. Detailed steps on how to complete the setup will be available in the following questions.

Yes, you’ll need an authenticator app on your mobile device. If you already have an app like Microsoft Authenticator or Google Authenticator, you can use it—there’s no need to install a new one. If you don’t have an authenticator app yet, simply download one of the commonly used options, such as Microsoft Authenticator or Google Authenticator, to get started.


  • The current RDK Central user account has been onboarded at okta platform by the RDK Central admin. The user will receive an activation email with a link, which will expire in 7 days.

 

  • Click on Activate RDKM SSO Account. It will redirect to page to setup the password.

  • Click on setup to set your password as per the requirements.

  • Click on Next. It will redirect to setup security method for MFA.

  • Click on first option - Bring your own Authenticator App
  • Click on setup.

  • Scan the barcode and enter the code from the Authenticator app.

  • Once setup, click Continue


  • It will redirect to the login page. Click on Login.
  • Now you will be logged in to the wiki application.


  • Click on Signup button. It will redirect to the CLA agreement page as below

  • Once clicked on proceed, we will receive a mail for activation.

 

  • Click on Activate RDKM SSO Account. It will redirect to page to setup the password.

  • Click on setup to set your password as per the requirements.

  • Click on Next. It will redirect to setup security method for MFA.

  • Click on first option - Bring your own Authenticator App
  • Click on setup.

  • Scan the barcode and enter the code from the Authenticator app.

  • Once setup, click Continue


  • It will redirect to the login page. Click on Login.
  • Now you will be logged in to the wiki application.


  • Reset the password as below following the password requirements

  • Once reset, you will be able to login to wiki.

  • You will receive a mail also stating that your password was reset.


As we are migrating to Okta, we cannot transfer the encrypted passwords of existing users from LDAP to Okta. Therefore, existing users will need to create a new password in Okta. Please follow the instructions above on "How to reset your password via Okta". 


Yes, It is mandatory to set new password in Okta as Okta does not recognise existing LDAP password. Please follow the above queries for setting up a new password in Okta.


Yes, It is mandatory to set MFA in Okta as we are migrating from the LDAP based login to Okta. Please follow the above queries on how to setup MFA in Okta.

 

  1. Newly signed up users should create their LDAP password to access the below RDK LDAP Based Applications.

    RDK Code
    RDK Artifactory
    RDK Jenkins

  2. Click on https://wiki.rdkcentral.com/forgotuserpassword-ldap.action link and provide the RDK Central account details. 


     
  3. You should have received an email once click on "Send it to me" 
     
  4. You can find Reset Password link in your mail inbox. 


  5. Once you click on link, You will be redirected to set new password. Set the new password and confirm password. 
    If you don't find the Captcha, Please click on reload button next to Captcha, get loaded new Captcha. 
     

  6. Once you click on reset, Your password will set successfully. 
     


  7. You can use the newly set password for connecting the RDK Applications which are still running LDAP based authentication.
    RDK Code
    RDK Artifactory
    RDK Jenkins


Don't worry. Just send a mail to support@rdkcentral.com and we will be sending out a new activation link to your email id.


Don't worry. Just send a mail to support@rdkcentral.com with the details and we will take care of it.

Phase 2 - Migration Support

Yes



  • Update netrc with new http credentials

   


  • To Sync up your RDK Central SSO account ID in Artifactory. Please login to Artifactory portal.
  • Login to https://artifactory.rdkcentral.com
  • After logging in, click on the Profile name → Edit Profile at the right side top corner.
  • Click on the gear icon here to generate a new API key
  • Once successfully generated , it would look like this.
  • Update netrc with the new API key instead of old password
  • eg: machine artifactory.rdkcentral.com login useremail@company.com password API_KEY


For any issues with SSO migration

Please reach out to RDKSupport  support@rdkcentral.com


  • No labels

2 Comments

  1. Team, it appears that the link "https://wiki-staging.rdkcentral.com/forgotuserpassword.action+" is currently unreachable. Could someone please confirm the current status of the "reset password in Okta"?

  2. Park Minsu Thanks for pointing it out. We have corrected the link now.