Secure authentication and authorization best practices

Hi DHIS2 community! I’m Amber, the product manager for OpenFn. I’m currently putting together a report covering (and aiming to simplify) best practices around secure authentication and authorization to share with the wider DPG/Global Goods community.

I’d like to make it a more practical guide which ties in examples and learnings from other DPGs’ approaches to authentication, as well as some common gotchas to look out for.

Does anyone here have any learnings they would like to share, or know of any community threads I should be following to learn more about this? Or even better, would anyone be willing to do a quick interview?

To give you a better idea, here are some questions I’d love to ask you:
How did you approach SSO? Figure out user roles and permissions? Do you have any thoughts on different Identity Providers ? Is there anything you wish someone had shared with you before you started your app development ? What are the most important considerations one should have when planning their roadmap for authentication and authorization ?

Thanks in advance, and I look forward to sharing the final result here with you all !

Hi Amber!

I’m a security engineer at DHIS2, and I have added your question to our next weekly security meeting agenda. We will come back to you with an answer end of next week. I’m 100% sure we can do an interview if wanted.

Kind regards,
Morten

Hi Morten,

Thanks for getting back to me and I appreciate the help!
I look forward to hearing what comes up in the security meeting. With regards to an interview, if I could get an email address I’d be happy to send you or your colleagues my calendar link so that you can book a time that works best for you.

All the best,
Amber

Hi Amber,

Sorry for the delay in my response.
I’ve talked to the security team now, and me and my college are happy to have a meeting with you.
I will direct message you my email.

Kind regards,
Morten