Secure authentication and authorization best practices

Hi OpenLMIS community! I’m Amber, the product manager for OpenFn. I’m currently putting together a report covering (and aiming to simplify) best practices around secure authentication and authorization to share with the wider DPG/Global Goods community.

I’d like to make it a more practical guide which ties in examples and learnings from other DPGs’ approaches to authentication, as well as some common gotchas to look out for.

Does anyone here have any learnings they would like to share, or know of any community threads I should be following to learn more about this? Or even better, would anyone be willing to do a quick interview?

To give you a better idea, here are some questions I’d love to ask you:
How did you approach SSO? How did you figure out user roles and permissions? Do you have any thoughts on different Identity Providers? Is there anything you wish someone had shared with you before you started your app development? What are the most important considerations one should have when planning their roadmap for authentication and authorization?

Thanks in advance, and I look forward to sharing the final result here with you all!