My team has informed me that the credentials they used when creating a Predix account originally years back, which included an ge.com email, no longer works.
I suspect this is because the email now uses GE's SSO for ge.com emails as an authentication strategy, therefore custom passwords originally set at the time of registration no longer work.
This poses a big problem, because our entire Predix app and service eco system we've now built can no longer be accessed from an administrative level without direct access to a Manager's password. Since I cannot share my corporate password with my team (that gives them keys to the whole kingdom, and not just Predix now), this prevents my team from ever accessing Predix from an Administrative level.
What's the solution to this? Can we create sub-users via Predix's console that allow them to login and we can grant administrative access to our Org/Space to?
EDIT 1:
Based on the provided link, https://forum.predix.io/articles/28211/faq-predix-ge-sso-federation.html The way it's looking right now, here are the options:
Either I give my SSO and Password to my team members so they can generate a one-time password as needed to push updates
I contact Predix support and have them create a brand new account and transfer all existing services and apps from one account to the other.
Short of that, I would personally have to generate a one-time passcode for them everytime they needed to push changes.
Thank you.
Answer by Greg Stroup · Mar 05, 2018 at 09:11 AM
Are you the only one on your team with a ge.com SSO account? Can't your team use their SSO credentials?
You can create a "system" user from the UAA Dashboard. Create a user without the "ge.com" in the username, and they will be able to log in with a username and password.
(I don't like the new SSO sign on required for Predix, but I think we should be able to make it work.)
Greg, I doubt it is possible to login using the password grant anymore with any other account other than some robot accounts. Give it a try and see if you can do it. But I doubt it will work.
Sorry, please ignore the above comment. I learnt that you can create one system user (functional user) which is not SSO based for running jobs.
Answer by Siva Balan · Mar 05, 2018 at 10:55 AM
Lets say you are the enterprise account admin. You should be able to login to the console of your enterprise org and invite other members of your team as co-developers in that org. The only pre-requisite is that all the other team members should have first created a predix.io account with their GE email address first before you can add them to your enterprise org.
Answer by Brad Manor · Mar 05, 2018 at 07:35 AM
They updated the way you login in FYI...
do a "cf login --sso" from console.
https://forum.predix.io/articles/28211/faq-predix-ge-sso-federation.html
This still requires you to have the SSO and Password to login as the User, which unfortunately is still the core problem.
I've updated my question to reflect your link.