Features

Single Sign-On and Role-Based Access Control are Coming to ObjectRocket

By September 16, 2019 October 1st, 2019 No Comments

If you read the ObjectRocket blog, you’re likely aware that we have a brand new hosting platform launching this year. There are a number of big new features that we’ve already added and today I’d like to talk about our transition to a new authentication system for the new platform and some related changes.

The Path to Role-Based Access Control

When we started building this new platform, one of the features that we immediately set out to provide was Role-Based Access Control (RBAC). We’ve always allowed multiple users, with varying roles and permissions on our databases, but a common request is the same ability in our UI. Our customers told us they want to allow multiple people to log into the UI to manage databases, billing, and other aspects of the platform.

To close that gap and others, we decided to build the new platform on an all new authentication and authorization system. This new system allows us to support RBAC, Single Sign-On, Multi-factor Authentication, and even more in the future. We’re happy to roll out RBAC and SSO now, and additional features over the next few weeks and months.

What You Need to Know Today

With our new authentication flow, we now direct all sign-ins on the ObjectRocket website to our new login at https://app.objectrocket.cloud (notice the .cloud). Our current login screen at https://app.objectrocket.com (notice the .com) still works as it always has, but it is just not linked from the home page. We made this change to ultimately simplify the login experience and standardize on a single login screen.

If You’re an Existing ObjectRocket Customer

You have a few options. The first, is to just bookmark https://app.objectrocket.com and continue to use that to log in as you always have. That experience will not change immediately, other than some added messaging about the new platform/login system.

Your other option is to take advantage of account linking with the new login system. We provide Single Sign-On (SSO) between the new platform and existing platform, so you can still get to your instances, while taking advantage of the features of the new platform.

Here’s how to kick off migration of your login to our new system (don’t worry, your databases remain exactly where they are):

  • Go to our new app at https://app.objectrocket.cloud
  • Log in with the email address associated with your existing ObjectRocket account and your usual password*
  • Create an organization on the new platform (this will just be used for RBAC later)
  • You’re Done! Your account has been migrated and you can now try out the new platform, and use SSO to manage your existing instances.

* A note about the credentials for migration. Our new login system requires email and password to log in, so we link your new login to our existing system based on the email address on your account. You can verify the email on your account, in the UI.

The Service That Made it Happen

We’re pretty excited about our own new services, but there was a service behind the scenes that makes this all possible, and that’s Auth0. Like many customers, we went through the build vs. buy process for a number of the components in our new platform, and Auth0 was the clear winner to build our new identity platform on. In addition to their massive number of customer references, and “Visionary” status on Gartner’s Magic Quadrant, they simply offered a secure platform that did everything we need.

One of those key capabilities that we’re using here is an automated migration process that allows us to migrate users from our existing auth system to our new Auth0-based system when they log in. Here’s a quick breakdown of how this works:

  1. You enter your credentials at our new Auth0 powered login site.
  2. The service checks if your login exists in our Auth0-based system. If so, we just authenticate and log you in.
  3. The service then checks if your login exists in our existing auth system. If so, we use the credentials you just provided to authenticate with the existing system, create an account on the new system and link it to the account in the existing system.
  4. We log you in and enable SSO between the two user interfaces.

It’s that simple. It’s all a secure, streamlined, and ultimately supported process by our partner, Auth0.

Greater Integration Coming

Soon we will be enabling even more integration between our two platforms. For now, you’ll need to use SSO to switch between our two user interfaces. However, within the next few months we will display all of your instances in the new interface and allow you to jump between interfaces, depending on which instance you’d like to manage. Beyond that, we will integrate the products even further to provide a seamless experience.

We’re excited to be rolling out so much new functionality, and look forward to getting you all on board and using our new technology. For more information about the changes coming to our login system, please see our documentation or reach out to our support team.

Steve Croce

Steve Croce

Steve Croce is currently a Senior Product Manager and Head of User Experience at ObjectRocket. Today, Steve leads the UX/UI team through rebuilding out the platform’s user interface, scopes the company’s product and feature roadmap, and oversees the day to day development for ObjectRocket's Elasticsearch and PostgreSQL offerings. A product manager by day, he still likes to embrace his engineer roots by night and develop with Elasticsearch, SQL, Kubernetes, and web application stacks. He's spoken at KubeCon + CloudNativeCon, OpenStack summit, Percona Live, and various ObjectRocket events.