TrueCloudLab single sign-on¶

TrueCloudLab developer facing services are transitioning to a single sign-on account. Gerrit and Jenkins are using SSO accounts since launch, Forgejo will also switch eventually.

New users¶

TrueCloudLab SSO supports OAuth login via Codeberg or GitHub
If you already have an account at Codeberg or GitHub, click "Sign in with..." icon on SSO page
If you don't have a Codeberg or GitHub account, you should register one first
Accounts with no links to Codeberg or GitHub may be provided in special cases out of band

Forgejo users with existing accounts¶

Open SSO page
Request password reset for the email address you use on Forgejo by clicking on "Forgot password?"
SSO password reset does not affect your current Forgejo password
Proceed with instructions from email
Choose new password
Set up 2FA app (see detailed instructions below)

After obtaining SSO credentials you may them it to log into any of the supported services. There is no need to visit main SSO page again.

Changing user e-mail address¶

Users may change their e-mail address in account settings: https://login.frostfs.info

TrueCloudLab SSO (Keycloak) does not support multiple e-mail addresses per user account.

Multifactor authentication¶

Multifactor authentication is mandatory for SSO accounts.

We recommend FreeOTP but any other TOTP app will also work. Follow the instructions provided by our SSO service when prompted for 2FA configuration or any generic instructions for your app.

Session timeout¶

SSO session timeout should trigger automatic logout:

For default session (without "Remember me" checkmark):
Just before the next day
For long session (with "Remember me" checkmark):
Every two weeks or
After being inactive for more than a weekend (early logout for vacations)

If you feel that current configuration does not match the stated intent or would like to suggest some changes feel free to reach out or to create an issue (link available to TrueCloudLab team members only)