Login and SSO with ObjectRocket

Along with the launch of our new hosting platform, ObjectRocket is rolling out a brand new login system that will allow us to provide all new features like:

  • Role Based Access Control (RBAC) : You will be able to add multiple users on the same account with varying permissions
  • Multi-factor Authentication (MFA) : You will be able to secure your account with a second form of identification
  • Single Sign-On (SSO) : You’ll be able to use both ObjectRocket user interfaces with the same credentials

We currently have two login options, but will soon be consolidating to a single login system that provides all of the features listed above. Our current systems are:

  • https://app.objectrocket.com : Our existing login system and User Interface. Here you can find MongoDB, Redis, and existing Elasticsearch service.
  • https://app.objectrocket.cloud : Our new login system and User Interface, called Mission Control. Here you can find our new CockroachDB, PostgreSQL, and Elasticsearch services. Soon, we will be directing all traffic here.

Attention

In September 2019, we will start directing all sign-in traffic from www.objectrocket.com to the new login, https://app.objectrocket.cloud, where we can migrate your existing account to a new account on our new platform.

Logging in at https://app.objectrocket.com will work as it always has for the foreseeable future, with the addition of a button to log in using SSO from the new login system.

Migrating your account

Please read below for more information on how account linking and migration will work.

If you log in by entering credentials in the screen below

_images/com_login.png

You’re using our existing service and are able to automatically migrate your account to our new login system.

We link your account and perform migration based on the email registered with your ObjectRocket account, so migration works as follows:

  1. After our login transition, go to https://app.objectrocket.cloud
  2. Log in with the email registered on your ObjectRocket account and your password
  3. Fill in a few fields to complete migration
  4. Follow the links to your instances

Note

For some customers the email registered with your ObjectRocket account doesn’t match the username you log in with. For migration to work, you must use the email registered with your account.

You can verify the email for your account on the account information page.

If you log in by clicking the blue button in the screen below

_images/com_login.png

You’re a Rackspace customer and use your Rackspace cloud credentials to log in, you can continue to do the same. Your credentials will work on both platforms. No migration is necessary. You can:

  1. After our login transition, go to https://app.objectrocket.cloud
  2. Click the “Log in with Rackspace” button
  3. Fill in a few fields to create an organization on the new platform
  4. Follow the links to your instances

If you log in by entering your credentials in the screen below

_images/cloud_login.png

There’s nothing left to do. You’re already using our new platform!

If the email you used to sign up matches your email on the existing platform, we’ll automatically link the accounts and enable Single Sign-On between our two UIs.

How Does Account Migration Work

When building our new login system, we decided to use the Auth0 authentication and authorization platform. Auth0 is a leader in this space and has enabled us to build a secure, stable, and feature-rich identity system. Among those features is the built-migration tooling that enables us to migrate customers from our ObjectRocket-native login system to the Auth0 identity service. Here’s how this works:

  1. You enter your credentials at our new Auth0-powered login site.
  2. The service checks if your login exists in our Auth0-powered system. If so, we just authenticate and log you in.
  3. The service then checks if your login exists in our existing ObjectRocket-native auth system. If so, we use the credentials you just provided to create an account on the new system and link it to the account in the existing system.
  4. We log you in and enable SSO between the two user interfaces.

Attention

To support additional security features on the new platform, our new login system only accepts email, rather than a username or email. Therefore, we link your existing and new account based on the email address registered to your ObjectRocket account. You can verify the email registered to your existing account, in the account information page.

Single Sign-On Between UIs

Once your account has been migrated to our new service, you can easily navigate from our new UI, Mission Control, to the UI for Redis, MongoDB, and existing Elasticsearch instances by clicking various links in Mission Control that will sign you in to the other UI using SSO.

Soon, we will list all of your instances in Mission Control, but for now, you will need to navigate to the existing UI.

You can find links to the the existing UI:

  • In the Profile menu in the upper right
  • In the Instance List screen above active instances