Onboarding New DESC Members - LSSTDESC/slac-authentication-transition GitHub Wiki
After you receive your Welcome Letter from DESC, you should expect to receive an email from SLAC IT with the Subject: Collaborator Invitation to SLAC resources
To reduce the chances of missing this email, please do the following:
- Whitelist the domain slac.stanford.edu in your email application
- Search for email with the subject: "Collaborator Invitation to SLAC resources LSST_DESC"
- If you do not receive this email from SLAC IT within a week of receiving your "DESC Welcome Letter", please reach out on Slack #desc-help or send email to [email protected].
Once you receive the email invitation, please follow the instructions carefully. If at any time you have questions, reach out on #desc-help or via email to [email protected].
If you are also working with Rubin, USDF, or commissioning, please let DESC know, by reaching out on LSSTC Slack #desc-help or email [email protected], rather than continuing with the invitation below. If your work with Rubin means you already have or are applying for a SLAC Computing account, we can work with Rubin to coordinate setting up your SLAC Computing account to access DESC resources
Detailed Instructions for handling the SLAC Invitation email
Step 1
Is a test to see if you have access to an "identity provider" which is acceptable to SLAC. If you have a SLAC Computing account, you would use SLAC as your Identity Provider. Without a SLAC Computing account, you should find an institution where you have an account. See the textbox at the bottom of the page where it says "Enter Identity Provider Here". This institution will most likely be your home institution, but it could be another institution that you are associated with.
Please note, it is very tedious to work with the drop-down menu of identity providers. Try using the text search if possible.
- If you cannot find your institution, you will be directed to Step 3. Please also inform DESC by sending email to [email protected] or on Slack #desc-help.
- If you find your institution, select it, and try to log in with your institutional credentials. Use you institution username.
- If your login is successful, you will see a "Congratulations!" message on the web form.
- Click the Continue button
- If your SLAC-recognized federated institution does not provide the required set of attributes required to authenticate with SLAC, you will see an error message, following by an example email to send to your institution's IT department.
- If your login is successful, you will see a "Congratulations!" message on the web form.
While we believe the improved error handling in the SLAC IT invitation process will help identify all error conditions, it is possible there will be other problems completing the invitation process that we have not yet accounted for. If your institution appears in the list of identity providers and you are able to log in with your credentials, but encounter an error during Step 1 and/or Step 2, please reach out on Slack #desc-help or [email protected], provide the full error message, and do not proceed to Step 3 It is possible the problem is due to your federated institution's identity provider - see here.
If you do not receive an error when logging into your SLAC-recognized federated institution and you click Continue: an email from the SLAC Identity Portal will be sent to you with the subject: Invitation to join SLAC Identity Portal
This is the beginning of the second part of Step 1, where you register with the SLAC Identity Portal
The email with Subject: **Invitation to join SLAC Identity Portal" will include a web link that you should click to open another web form
Please note - this link expires when it is clicked, you can only visit this link once.
You must complete all of the following steps, through clicking the "Submit" button. Otherwise, the process is aborted and we have to ask SLAC IT to reset your SLAC Identity Portal registration.
- click Accept, then continue and agree to the SLAC "Terms and Conditions" by doing the following:
- Click "Review Terms and Conditions"
- Click "I Agree"
- Click "Submit"
When you have completed this step successfully you should see (if you do not see this screen, something has gone wrong):
Once you click Submit and see the "Thank you for accepting the invitation" message, you will receive another email from the SLAC Registry Service confirming your initial registration has been completed and you will be told to complete Step 2 (rename).
Step 2 Wait for Confirmation
You will receive a confirmation from Heather Kelly ([email protected]) to let you know that your account has been set up for SLAC Confluence. Please note it will take at least one business day for the SLAC Confluence administrators to grant you access to the DESC Confluence space.
Once you receive that confirmation email, please test logging into DESC Confluence (https://confluence.slac.stanford.edu/display/LSSTDESC/Home) using the same Federated Login you used in Step 1.
If you get to this point - you are done! No need to move on to Steps 3 or 4.
Step 3 Non-Federated Registration - Only move on to this step if you were unable to successfully complete Steps 1 and 2.
If you were not able to find a federated login that is acceptable to SLAC, you will need to register for a SLAC Computing account. There will be a web link in the first email you received that is used to initiate this process. It will take several weeks for you to receive a new SLAC Computing account.
Step 4: Rename Confluence/Jira Username to SLAC Username Only Do this if you are not a new DESC Member
Login to SLAC Confluence using the same Federated Login you used in Step 1: https://confluence.slac.stanford.edu/ If successful, you’re done!
Please note it will take at least one business day for the SLAC Confluence administrators to grant you access to the DESC Confluence space: https://confluence.slac.stanford.edu/display/LSSTDESC/Home
Logging into SLAC Confluence using your Federated Identity
If you are a SLAC Computing account holder - please see these instructions instead.
Once you complete the invitation process, you should test logging into SLAC Confluence and PubDB using your federated identity credentials.
Please be aware that PubDB updated 6 times a day with the new usernames so that DESC members can log in. Please wait a few hours and then try to log into PubDB.
When you visit a SLAC web application such as the DESC space in SLAC Confluence and click "Log in", you will see a login screen:
Click "Federated Identity"
On the next screen, find your institution by using the text box at the bottom where it says "Enter Identity Provider Here", click the institution's name and provide your credentials.
If all is well, you should be logged into SLAC Confluence and see your username displayed in the top right of the screen.