The WoodWing Identity Service serves as the central authentication framework for the WoodWing Cloud Platform. Essentially, every component and feature relies on this service to authenticate user identities. When a user attempts to log in, the service presents a login interface or directs the user to the identity provider (IdP) of their organization or employer.
Initially, the Identity Service is designed to replace Swivle's existing authentication system, paving the way for Single Sign-On (SSO) integration in Swivle. The service is also built with adaptability in mind, enabling smooth integration with other platform products, and it aims to align with industry standards like OAuth, SAML, and OpenID whenever possible.
As Single Sign-On implementation approaches, significant adjustments are being made to the permission framework, particularly concerning user permissions.
This article explains these changes and the phases in which they are implemented.
Phased transition to group-based permissions in the WoodWing Identity Service
- Phase 1: Initially, the metadata and rules associated with users will be deactivated. As a result, existing user permissions will be automatically converted into groups that follow a specific naming convention: the current user ID/e-mail prefixed with User- (for example User-bob@example.com). Note that this conversion occurs only when rules and permissions are applied to a given user. If no permissions are applied, no group will be generated.
- Phase 2: In this phase, User types (Content Managers, Content Consumers and Admin licenses) will be transitioned into groups, facilitating the attachment of licenses to these newly formed groups. This phase is planned to be implemented three months following the initial changes (phase 1). During this period, users can still be invited and added to groups, but the allocation of permissions will no longer be possible.
- Phase 3: Users and groups are migrated to the WoodWing Identity Service (IDS). Groups are passed on from the WoodWing Identity Service and will be added to the Group permissions page. Subsequently, different licenses can be linked to these groups. It is important to note that groups can no longer be created in Management Console; they will be created in the WoodWing Identity Service instead.