Guide: Migrating your legacy account to an identity provider

Track

Test Bed use

About this guide

This guide walks you through the process of migrating your legacy Test Bed account to an identity provider’s Single-Sign-On (SSO) account. Depending on the Test Bed’s configuration this may be the European Commission’s EU Login service, or another provider.

What you will achieve

At the end of this guide you will have migrated your Test Bed account to use your identity provider’s account, and will have an overview of the changes affecting your day-to-day Test Bed activities.

What you will need

To follow the steps of this guide you will need to have:

  • An existing account for a Test Bed instance that is now integrated with an identity provider service (EU Login or other).

  • A web browser.

  • About 5 minutes (plus an additional 5 minutes and an active email account to create an account with your provider if you don’t already have one).

How to complete this guide

To complete the migration of your account follow in sequence the guide’s Steps. Although not mandatory for the migration itself you are also advised to read the guide’s additional sections to understand why this migration is needed and have an overview of what’s new.

Does this apply to you?

Test Bed instances operated by the European Commission typically use EU Login for user authentication. Other non-Commission instances may similarly be integrated with another similar service for the same purpose.

This tutorial applies to you if the Test Bed you are using is now using such a service, but you have previously been connecting using a legacy username and password account. To continue using the Test Bed you need to migrate your legacy account which is what this guide will help you with.

Note

Integration with EU Login or a similar service is typically disabled for development-purpose Test Bed instances. Such instances continue to use the existing username and password accounts.

Why integrate with an SSO service?

The integration with an SSO service is driven by the following reasons:

  • The Test Bed’s overall security is enhanced by using an external identity management service that is designed for this purpose.

  • Using an identity provider enables single sign-on sessions, minimising the times needed to authenticate when using related services.

  • Use of an identity provider aligns the Test Bed with organisal guidelines. For example, European Commission services are expected to use EU Login to authenticate users.

Steps

Carry out the following steps in sequence to complete this guide.

Step 1: Ensure you have an account with your provider

Before taking any action on the Test Bed, be it connecting, registering for the first time or trying out available demos, you need to authenticate using your identity provider’s account.

Identity providers typically allow you to create a new account from their sign-in page. Nonetheless, it is simpler to ensure you have an account beforehand before connecting to the Test Bed. In the case of EU Login, you can follow our EU Login guide to check if you have an existing account and create a new account if not.

Step 2: Access the Test Bed’s welcome page

Visit the Test Bed’s welcome page. For the DIGIT Test Bed service this would be available at https://www.itb.ec.europa.eu/itb.

../_images/welcome4.png

In this page you are provided with shortcuts to carry out common tasks before connecting. For the migration what is important is the Migration note listed in the bottom in which a link is provided to start the migration.

../_images/welcome_migration.png

Click this link to proceed to the next step.

Step 3: Authenticate on your identity provider

You will now be directed to your identity provider’s sign-in page. If the provider is EU Login, the exact screen you see next depends on your EU Login account:

  • If you have an existing EU Login account and an open EU Login session you will see only a confirmation to proceed to the Test Bed. This confirmation may also be skipped if you have set it to do so in your account’s settings.

  • Otherwise you will see a form to authenticate, with a greeting if you are a returning user.

../_images/eu_login.png

Note

For more information on managing your EU Login account check the dedicated EU Login guide.

If the Test Bed is using another identity provider the screens displayed would vary but the available options, and ultimate result, would be similar. In any case, once you are successfully authenticated you will be directed back to the Test Bed.

Step 4: Provide your legacy credentials

Having authenticated on EU Login you are directed back to the Test Bed where you are presented with a popup to link a new role to your account.

../_images/migration_popup.png

This has preselected for you the option to migrate an existing legacy account. In the form presented here you need to enter the credentials you have used up to now to log into the Test Bed:

  • Username: Your username you have used up to now.

  • Password: Your password.

Once you have provided this information click Complete to finish the migration.

Note

What is a role? When an external identy provider is used (such as EU Login), you have a single user account with which you can connect to the Test Bed in different ways (e.g. for different organisations or in different communities). Such connections, previously defined as separate legacy user accounts in the Test Bed, are now considered as roles that are linked to your provider’s account.

Step 5: Select your newly migrated role

If the legacy credentials you have provided are correct the popup will close and you will see a new role linked to your account.

../_images/select_account.png

The information you see corresponds to your previous Test Bed account and shows your role (User or Administrator), your organisation’s name and, in parentheses, the community to which this organisation belongs. Clicking this row will transfer you to your home page within the Test Bed from where you can proceed as usual.

Unless you have multiple roles linked to your account (which will not be the case if you are migrating a single legacy account) this screen will only appear this one time. From this point on, to log into the Test Bed you can click the main Click to log in button from the Test Bed’s welcome page.

../_images/welcome_login.png

Doing so will automatically pass you through your identity provider’s sign-in page (if needed) and transfer you directly to your home page within the Test Bed.

Points to consider

The following sections address additional points linked to your account’s migration that you may want to consider.

How to migrate additional accounts?

Most non-administrator users should have a single Test Bed account and be fully covered with the described Steps. If you have multiple accounts to migrate you can do this in one of two ways:

  • Option 1: Through the welcome page shortcut by repeating the described Steps and simply providing a different set of credentials when prompted.

  • Option 2: Once connected to the Test Bed through your profile settings.

Specifically regarding option 2, you would do this once connected by hovering over your name in the top-right corner and clicking Switch role.

../_images/switch_role.png

Doing so displays the list of roles currently assigned to you and allows you to Link another role to your account.

../_images/link_another_role.png

Clicking this you are presented with a popup to link a new role to your account where you can select the migration option.

../_images/link_popup.png

From this point on the process continues as described in Step 4: Provide your legacy credentials.

How to migrate accounts used by multiple users?

One of the benefits of the Test Bed’s previous legacy accounts was that they didn’t have to necessarily be personal. You could have a single account defined that was used in practice by multiple people (i.e. as a functional account). In theory this could continue after the migration if a new account is created and linked to an email address that multiple people can access. In most scenarios however the best approach will be to simply create additional Test Bed user roles for the different people that need access.

Depending on your community’s setup this may be something that only your community administrator can do. Otherwise, if your community foresees an administrator per organisation and such a role is assigned to you, you can add new user roles from your organisation’s settings. For details on how to do this see Adding a new user.

What changes after the migration?

The only effect of this migration is a change to the login process and a simplification of user management. All other Test Bed features (e.g. running tests, defining conformance statements, reporting) are not affected.

Logging in

To log in you need to:

  1. Go to the Test Bed’s welcome page.

  2. Click the main Click to log in option

  3. Authenticate against your identity provider (if you don’t have an already open session).

  4. (Only if you have multiple assigned roles) Select the role to connect as.

../_images/welcome_login.png

Adding a new user

To add a new user to your organisation, connect as the organisation’s administrator and select My organisation from the left-side menu to view its details.

../_images/organisation_details.png

From here click the Users tab to list your organisation’s users.

../_images/organisation_users.png

From this tab, clicking Create user will allow to introduce the new organisation user’s information.

../_images/add_member.png

Note that the email address you provide here must be the actual address of the user that is, or will be, linked to her identity provider’s account. Providing this and clicking Save will now display the user, listed currently as Inactive.

../_images/new_member_inactive.png

Being inactive basically means that there is a user role assigned to a person with the given email address that has not been confirmed by the user herself. To do so and activate the role assignment, the user will need to visit the Test Bed’s welcome page and click the shortcut labelled Confirm your new role.

../_images/welcome_confirm.png

This will prompt the user to authenticate with her identity provider’s account and then display a popup listing the role assignment(s) to confirm.

../_images/confirm_popup.png

The user finally confirms the new role by selecting it and then clicking Complete.

Managing assigned roles

You may have multiple roles linked to your account. Managing these is done through your profile’s settings that are accessed by hovering over your name on the top-right and clicking My profile.

../_images/settings.png

The screen that follows displays your currently active role and your available options.

../_images/settings_profile.png

Relevant to your assigned role(s) you can:

  • Click on Remove role from your account to remove the role and log you out.

  • Click on Link another role to your account to link a new role, either by migrating an existing account or confirming a role assigned to you by an administrator.

Note that a shortcut for the second option is also provided to you on the Test Bed’s welcome page.

../_images/welcome_confirm.png

Summary

Congratulations! Having completed this guide you should now be able to migrate your legacy Test Bed account to your organisation’s identity provider. In addition you have an overview of what changes to expect after making the switch.

See also

If your Test Bed instance is using EU Login as its identity provider, you can check the EU Login guide that provides a step-by-step by step explanation on how to check whether you have an account, create a new one, or log in.

For full information on the Test Bed’s features, including the highlights relevant to the migration listed here, check the Test Bed user guide.

The DIGIT Test Bed instance is available at https://www.itb.ec.europa.eu/itb. Regarding EU Login, you can also access the service independently of the Test Bed at https://webgate.ec.europa.eu/cas.