Migrating to the new FIRST SSO

Since 2020 the FIRST infrastructure team has run an identity provider (IdP), referred to as FIRST SSO, to secure and control access to FIRST services. This system is used for members, volunteers, event attendees, guests, the board of directors, and the operations team.
There are currently over thirty services, including: FIRST Portal, Slack, Wiki, MISP, API, eVoting, many administrative tools, as well as the recently added Capture the Flag and Learning platforms that leverage FIRST SSO.

Efforts to upgrade and maintain the existing IdP solution became challenging from 2022 onward. A re-evaluation of potential IdP solutions was undertaken, and Auth0 was selected as the replacement.

The migration from the existing IdP to Auth0 was completed over the course of two months moving nearly 3,000 user profiles, releasing enhancements to FIRST Portal (including the new Account Security page), and migrating SAML and OpenIDC configurations for all FIRST services.

The new service provides improved options for multi-factor authentication, including webauthn support (passkeys, biometric, hardware authenticators), improved capabilities for managing role-based access control, and will also operate at nearly a 30% cost savings over the previous solution.

Details on using the system can be found on the SSO documentation page.

Published on FIRST POST: Oct-Dec 2023