Auth0 in BI4Cloud

Hi Charles, 

As discussed earlier today, this is the Auth0 progress so far.

I have added in functionality to use Auth0 as part of the login process – a part of this was to restyle the login page (to be like that for bi4cloud.com) as we now redirect users to a separate login page (hosted by Auth0):

image001.png

When the user logs in and their account doesn’t already exist in Auth0, their username & password are validated using a webservice which Auth0 calls (and it says yea / nay to the login). If the login is valid, the user is automatically added to Auth0 (and the complexity of their existing password is not validated). Note that the webservice can only be called from servers on a white-list provided by Auth0, so it should not be accessible by anyone other than them.

I have also modified the Inactive timeout logic to work with the new login flow. I also hope that it is a little more consistent in how it works.

As part of the changes, when the user signs up they will be sent an email asking them to set their password (there are no password fields in the application anymore):

image002.png

When a customer adds new users to their account, they will be prompted that the new user will be sent an email asking them to set their password (note I expect that the wording of the prompt may need changing). 

To make adding / updating existing users more like the signup information, they will be able to enter in the user’s given & family names (we can supply this to Auth0). As part of the DB upgrade process I have tried to migrate those admin users to have their given & family names updated in our users extension table.

When the user requests a password change / set their initial password from a signup / new user, an email is sent to them with a link they use to open a page on Auth0. Note that their password will be checked for complexity requirements. The current (unchanged) policy is:

I am currently looking at changes required for the desktop connector. I am looking at something similar to what we do for companies, in using an API key. When the user logs into the desktop connector, they will authenticate against Auth0. If that login is OK, the connector will retrieve an organisation-wide API key which can be used to do what the connector needs to do for syncs.

Note that during the migration process, we will no longer be able to use the biadmin_* accounts (they must be valid email addresses). To work around this, I have created google groups which will map each of the biadmin_* accounts to our email addresses, so the logins will become (when this goes live):

biadmin_fox => biadmin_fox@bi4cloud.com (but any emails from Auth0 will be sent to fox@bi4cloud.com)

biadmin_kelly => biadmin_kelly@bi4cloud.com (but any emails from Auth0 will be sent to kelly@bi4cloud.com)

etc.

For John’s login (I don’t think he has ever used it), the biadmin_john group emails me & Charles.

Note that I still have not looked at enabling the social logins / styling the login page itself hosted at Auth0 yet.

Regards,

Jason

Jason Hilsdon

Analyst/Programmer

Interactive Reporting Pty Ltd

Email: jason@bi4cloud.com