User:Hwine/Heroku SSO Cutover

NOTE: This page is only for a temporary project in June/July of 2020. It will be deleted when that project is completed.

Requirements for SSO Login to Heroku

To continue usage of the Mozilla Heroku account, all users will need to use an email address associated with a Account which has all of the following attributes:

• Linked to an identity that uses MFA for login (Firefox Account or GitHub)
• Complete the NDA application process
• Accepted for membership in the heroku-members access group.

Process

This process has a few pitfalls, so please be careful and double check as you go through it. Pay very close attention to the terminology:

Heroku account identifier (HAI)

the email address you provide to the Mozilla IAM system, when logging into Heroku

NOTE: Completing this process will permanently and irrevocably designate Mozilla SSO as the authorization provider for Heroku for that HAI.

We strongly recommend that you do not use your main email address as your HAI. Most folks will be able to use a “plus address” as their HAI, and the steps below assume that.

1. Pick your HAI as a variation of an existing email address. E.g. chris+moz_sso@example.com
2. Create a Mozillians.org account using the HAI.
3. Create a Firefox Account. One way is to sign up for Firefox Monitor, using the “Sign In” link on that site.
4. Configure your Firefox Account to use MFA.
5. You'll need NDA status, start by using this form to request an invite.
6. After you have NDA status, apply for membership in the heroku-members group.
7. Log into Heroku via SSO using your HAI.
8. Request that all permissions from your old account be transferred to your new account.
9. Transfer ownership of any apps you own from your old account to your new account.
10. In your old account remove yourself from the team.