Hi IAM Team,
we identified a strange situation with @rabimba’s profile. The impact is that Mozillians profile holder rabimba is unable to login to Mozilla Slack.
According to his Mozillians profile, @rabimba is part of both the nda
and slack-access
groups.
When he opens the /info
endpoint, his groups
claim looks weird:
"https://sso.mozilla.com/claim/groups": [
"everyone",
"mozilliansorg_apps",
"mozilliansorg_automation",
"mozilliansorg_firefox",
"mozilliansorg_firefoxos",
"mozilliansorg_mozdev",
"mozilliansorg_sf-monument",
"mozilliansorg_sumo",
"mozilliansorg_mozspeakers",
"mozilliansorg_security",
"mozilliansorg_army of awesome",
"mozilliansorg_nda",
"mozilliansorg_techspeakers"
],
Two observations:
-
mozilliansorg_slack-access
is missing - rabimba’s Tags are converted to Access Groups.
I think @rabimba is using Github+2FA for authentication. The AAI/AAL claim looks good:
"https://sso.mozilla.com/claim/AAI": [
"2FA"
],
"https://sso.mozilla.com/claim/AAL": "MEDIUM"
Hope you can help us.
Best regards,
Henrik