Percona customers who want to enable IDP Federation for their accounts will have problems connecting their PMM instances to the Platform. Enabling IDP Federation means that passwords will no longer be stored in the Okta identity provider, so we need to authenticate Platform users in PMM using the new approach (Okta token).
- There is a new page design on PMM>>>Settings for Percona Platform
- User can see Connect PMM to Percona Platform header for the page
- User can see the following fields:
  - PMM Server ID (predefined and disabled by default)
  - PMM Server Name (required)
  - Percona Platform Access token (required, taken from User Profile on Portal)
  - Main PMM Server Domain name (predefined if it exists in Advanced Settings>>>PMM server public address). If it is not present in Advanced Settings>>>PMM server public address, there should be a Get from browser button; the user can specify the PMM server address using it or just add the address in the input field.
- Additionally, there is a Get Token button to the right of the Percona Platform Access token field, which redirects the user to https://portal.percona.com/profile when clicked.
- Connect button is disabled until the user has specified all required data.
- PMM Server users are able to specify all required data and by hitting the Connect button they can connect PMM and Platform with a new approach (Okta-token).
- There are Success or Fail notifications for Connect PMM
- If the user has performed a successful connection, the screen is changed to Percona Platform with a note that "This PMM server was connected to the Percona Platform"
- Fields should contain already entered information for PMM Server ID and PMM Server Name
- There is also a Disconnect button enabled for Percona Portal organization members. If the user is not an organization member on Portal the button should be disabled.
- The Read more link points users to the Percona Platform Documentation page
- After the user has connected PMM and Platform, every organization member on Portal can log in to the PMM server using SSO
Architecture and Design:
Out of scope:
- Several domain names support