New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup break-glass account for at least 2 users #464

Open

5 tasks

jkarpen opened this issue Jan 30, 2025 · 0 comments

Assignees

Labels

Operations

Milestone

Milestone 2: Secu...

Collaborator

jkarpen commented Jan 30, 2025 •

edited

Loading

Based on the feedback received for https://github.com/cagov/caldata-dse-internal-tracker/issues/10, this story is to implement the next steps and actually create / update accounts break-glass setup

Next steps taken from issue #10:
I think an additional step would be to create five authentication policies for different user personae:

Okta-only authentication policy for ODI human users
Duo-MFA-only authentication policy for external human users
Okta as well as Duo-MFA authentication policy for admin human users (can this be accomplished by combining the above two? I'm not sure)
Key-pair only authentication policy for most service accounts
Password-only authentication policy for legacy service accounts that don't support key-pair.

jkarpen assigned ram-kishore-odi

jkarpen added this to the Milestone 2: Security Hardening & Documentation milestone

jkarpen added the Operations label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment