On Wed, Nov 25, 2015 at 5:52 PM, Ryan Kelly <[email protected]> wrote:

> On 26/11/2015 00:25, Peter Bengtsson wrote:
> > On Tue, Nov 24, 2015 at 4:25 PM, Ryan Kelly <[email protected]> wrote:
> >     > FxA plus a tool that informs when LDAP statuses change (in particular
> >     > when someone ceases to have LDAP staff status) would suffice.
> >
> >     You could do what Persona does, ask for the email up-front and direct
> >     the login to whatever system is most appropriate - Okta for staff
> >     addresses, FxA for everyone else.
> >
> > Pardon my ignorance but why is Okta [for staff] any better than FxA?
>
> Because it integrates with LDAP.  If I create an FxA using my
> @mozilla.com address, I retain access to that account even after I leave
> the company (the same as for any other email address that I had
> subsequently lost access to).
>

So, is the cookie only lasting something like 24h? Or does it ping okta.com on every new session?

The effect you speak of can be achieved with a sync via some central tool
that checks in with LDAP periodically. Which was the original issue of this
thread. A tool I'm interested in developing if there isn't already one
available.




>   Cheers,
>
>     Ryan
>



-- 
Peter Bengtsson
Mozilla Web Engineering