Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Upcoming Migration from LDAP to SSO Authentication for RDKM Managed Applications

Dear RDK Community Members,

We want to inform you about an important upcoming change: we will be migrating from LDAP authentication to Single Sign-On (SSO) for all RDKM Managed applications, including:

By the end of December 2024, all RDKM members will need to use SSO authentication to access these applications. This migration will introduce email-based authentication, meaning custom usernames will no longer be used. Instead, your email address used for registering RDK Central account will serve as your login identifier.

We plan to execute a staged rollout, where each application will transition from LDAP to SSO authentication on a biweekly basis. During this period, it is important for all members to start using SSO, as LDAP authentication will be phased out once the migration is complete.

As we approach the migration date, we will provide detailed instructions to ensure a smooth transition. Please stay tuned for further updates and steps to take.

Thank you for your cooperation and support as we make this enhancement to our authentication process


What is SSO ?

It's an authentication process that allows a user to access multiple applications or services with one set of login credentials. Instead of remembering different usernames and passwords for each service, users log in once and gain access to all interconnected systems.

This improves user convenience and enhances security by reducing the number of passwords that need to be managed. SSO is commonly used in enterprise environments for secure application authentication


The SSO migration will take place in two phases:


Phase 1: Initial Rollout for Wiki and Jira

  • Date: November 9
  • Details: Starting November 9, both Wiki and Jira will require SSO, meaning you’ll need to log in using your email address. 


Interim Period (November 9-29)
During this time, Gerrit, Artifactory, and Jenkins will still be accessible using the current custom username and password setup.


Phase 2: Full Migration for All Applications

  • Date: November 30
  • Details: Beginning November 30, we will expand SSO to Gerrit, Artifactory, and Jenkins, completing the migration for all RDKM applications. From this date onward, email-based authentication will be required to access all RDKM applications.


For more info and queries, please refer the below FAQs.


Expand
title1. When are we planning to switch from LDAP to SSO authentication?

Migration will happen in two phases. First phase will happen on Nov 9th and second phase will happen on Nov 23rd. First phase will cover only RDK Wiki and Jira applications. Second phase will cover the rest of the applications like CMF, Artifactory and Jenkins.


Expand
title2. When are we supposed to set our password and MFA for SSO authentication in RDKM applications?

In Phase 1 of the migration, only Jira and Wiki will transition to SSO. Starting November 9th, when you access Jira or Wiki, you'll be required to set up an new password and enable MFA.

For other applications, including CMF, Jenkins, and Artifactory, you will still use your LDAP password until Phase 2, which is scheduled for completion by November 23rd


Expand
title3. How will we know when to set up our password and MFA in Okta?

No worries—we’ll notify all existing users! After the SSO migration, we will send an email with a link to set up your password and MFA. Detailed steps on how to complete the setup will be available in the following questions.

Expand
title4. Is there any prerequisite setup or application required to setup the password and MFA in Okta?

Yes, you’ll need an authenticator app on your mobile device. If you already have an app like Microsoft Authenticator or Google Authenticator, you can use it—there’s no need to install a new one. If you don’t have an authenticator app yet, simply download one of the commonly used options, such as Microsoft Authenticator or Google Authenticator, to get started.


Expand
title5. How to login existing RDK Central account user after SSO Migration
  • The current RDK Central user account has been onboarded at okta platform by the RDK Central admin. The user will receive an activation email with a link, which will expire in 7 days.

 

  • Click on Activate RDKM SSO Account. It will redirect to page to setup the password.

  • Click on setup to set your password as per the requirements.

  • Click on Next. It will redirect to setup security method for MFA.

  • Click on first option - Bring your own Authenticator App
  • Click on setup.

  • Scan the barcode and enter the code from the Authenticator app.

  • Once setup, click Continue


  • It will redirect to the login page. Click on Login.
  • Now you will be logged in to the wiki application.

Expand
title6. How to signup Wiki after SSO Migration


  • Click on Signup button. It will redirect to the CLA agreement page as below

  • Once clicked on proceed, we will receive a mail for activation.

 

  • Click on Activate RDKM SSO Account. It will redirect to page to setup the password.

  • Click on setup to set your password as per the requirements.

  • Click on Next. It will redirect to setup security method for MFA.

  • Click on first option - Bring your own Authenticator App
  • Click on setup.

  • Scan the barcode and enter the code from the Authenticator app.

  • Once setup, click Continue


  • It will redirect to the login page. Click on Login.
  • Select Option as RDKM SSO.

  • Now you will be logged in to the wiki application.


Expand
title7. How to reset your password via Okta

  • Reset the password as below following the password requirements

  • Once reset, you will be able to login to wiki.

  • You will receive a mail also stating that your password was reset.


Expand
title8. For existing users, current password is not working

As we are migrating to Okta, we cannot transfer the encrypted passwords of existing users from LDAP to Okta. Therefore, existing users will need to create a new password in Okta. Please follow the instructions above on "How to reset your password via Okta". 


Expand
title9. Is it mandatory to set new password in Okta for existing users

Yes, It is mandatory to set new password in Okta as Okta does not recognise existing LDAP password. Please follow the above queries for setting up a new password in Okta.


Expand
title10. Is it mandatory to set MFA in Okta for existing users

Yes, It is mandatory to set MFA in Okta as we are migrating from the LDAP based login to Okta. Please follow the above queries on how to setup MFA in Okta.

 

Expand
title11. Reset password to connect RDK Central LDAP Based applications for New user
  1. Newly signed up users should create their LDAP password to access the below RDK LDAP Based Applications.

    RDK Code
    RDK Artifactory
    RDK Jenkins

  2. Click on https://wiki.rdkcentral.com/forgotuserpassword-ldap.action link and provide the RDK Central account details. 


     
  3. You should have received an email once click on "Send it to me" 
     
  4. You can find Reset Password link in your mail inbox. 


  5. Once you click on link, You will be redirected to set new password. Set the new password and confirm password. 
    If you don't find the Captcha, Please click on reload button next to Captcha, get loaded new Captcha. 
     

  6. Once you click on reset, Your password will set successfully. 
     


  7. You can use the newly set password for connecting the RDK Applications which are still running LDAP based authentication.
    RDK Code
    RDK Artifactory
    RDK Jenkins


Expand
title12. What if an existing user is not able to setup password and MFA within the activation mail expiry of 7 days?

Don't worry. Just send a mail to support@rdkcentral.com and we will be sending out a new activation link to your email id.


Expand
title13. What should be done if I lose access to the mobile phone where MFA is configured?

Don't worry. Just send a mail to support@rdkcentral.com with the details and we will take care of it.

Anchor
Gerrit-SSO
Gerrit-SSO
Phase 2 - Migration Support

Expand
title14. Is it Mandatory to set up Gerrit HTTP credentials ?

Yes


Expand
title15. How to setup Gerrit HTTP Credentials ?


  • Update netrc with new http credentials

   


Expand
title16. How to setup Artifactory API key
  • Login to https://artifactory.rdkcentral.com
  • After logging in, click on the Profile name → Edit Profile at the right side top corner.
  • Click on the gear icon here to generate a new API key
  • Once successfully generated , it would look like this.
  • Update netrc with the new API key instead of old password
  • eg: machine artifactory.rdkcentral.com login useremail@company.com password API_KEY


For any issues with SSO migration

Please reach out to RDKSupport  support@rdkcentral.com