Problem
Customer needs to switch from one authentication method to another.
Bulk migration
https://docs.mattermost.com/manage/mmctl-command-line-tool.html#mmctl-user-migrate-auth
Mmctl can be used to bulk migrate users from one authentication method to another. We currently support going from email, gitlab, google, ldap, office365, or saml -> ldap or saml
Individual user migration
Currently the system allows switching via Email/Password. First any authentication method needs to be switched to Email then only can it be switched to any other method.
Users and Admins can both switch to Email but only users themselves can switch from Email to any other auth method.
Process:
- Enable the auth method you want your users to switch to in system console.
- Ensure
ServiceSettings.ExperimentalEnableAuthenticationTransfer
is set to true. - If your current authentication isn't email/password you will need to migrate to email/password first. This can be done by either an admin or the users themselves.
-
Admins: System Console -> User Management -> Users -> Open Dropdown and Click
Switch to Email/Password
-
Users: Profile -> Security -> Sign-in Method -> Click on
Switch to Email/Password
-
Admins: System Console -> User Management -> Users -> Open Dropdown and Click
- Users can now switch their auth methods: Profile -> Security -> Sign-in Method -> Click on
Switch to AD/LDAP(Other Auth Method)
Note:
When switching to SAML, the mmctl command can be used even for Individual user migration by providing a json file with the usernames and emails of all users to migrate to SAML.
Comments
Article is closed for comments.