Nuxeo Online Services is being improved to enhance security. This page details what will happen, when, how you could be impacted and how to prepare for the change.
The following changes apply starting from March 2nd, 2020.
- To access Nuxeo Online Services, you need to enter your email address instead of your username on the login page. If you registered for a trial using Google, use the login with Google button.
- The URL for the login page changes to https://auth.nuxeo.com (instead of https://sso.nuxeo.com). If you cannot access it, check with your system administrator that the URL is whitelisted.
- Multi-factor authentication can be set up to secure your account. It remains optional, and will be enforced at a later stage. The multi-factor authentication section on this page provides further details.
To use our APIs, for instance in the following cases:
- Registering an instance using nuxeoctl
- Mirroring artifacts using Nexus
- Triggering a Studio project release through the Nuxeo Online Services REST API
- Using a CI/CD chain with Maven
- Using the Nuxeo CLI commands to import or export a Studio project configuration
- Using the Studio Designer Git Access
No MFA setup is requested.
Nothing changes at this stage.
Multi-factor authentication starts being requested, but is not in effect yet.
During this transition period, setting up the MFA will be necessary to finish authenticating. It will not be requested yet when logging in.
Multi-factor authentication comes into effect and is needed to authenticate.
If you have not set up your MFA yet, you will be able to set it up while logging in. This second factor will be requested once a week to authenticate.
When you log into Nuxeo Online Services using the browser, a second authentication factor will be requested to enhance your account security.
These factors can be one of the following:
- Code provided by a smartphone application (most secure)
- Voice call to a phone number
- SMS sent to a phone number (less secure)
This factor needs to be set up starting from March 31, but won't come into effect before April 14.
This change only applies to people using Nuxeo Studio and Nuxeo Marketplace (called developers from here on). It won't have any effect on people working every day in your Nuxeo Server instance, even if this instance is hosted in Nuxeo Cloud.
When authenticating into Nuxeo Studio or Nuxeo Marketplace, developers will be requested to set up a second authentication factor using their phone starting from March 31.
This second factor will be saved for later use, but won't be requested until April 14.
Starting from April 14, the second factor will be requested if it was not saved yet, then will be asked once a week during authentication.
MFA can only be set up when this option becomes active for everyone, currently scheduled for March 31. Until then, any attempt will result in an error 403, as our service provider does not provide an option to allow opt-in.
A token is a randomly generated string that can be used as a replacement for your password when authenticating to our services. It is meant to be used in all places where you would otherwise need to write down your password but would rather avoid disclosing it, for instance in configuration files.
Feel free to check our token management documentation for further details.
No hotfix is required.
Latest hotfixes and tool versions only pack additional help to mention tokens instead of passwords when needed, starting from the following versions:
These changes are only visual to clarify how our new authentication system works and have no functional impact.
The same applies to formerly supported releases: no code change is needed. Authentication against Nuxeo Online Services when using our command line tools and APIs will have to be done using tokens instead of passwords.
Nuxeo is partnering with Okta, an industry leader in authentication security, to bring these changes. They are made as part of our continuous effort to improve security and bring several benefits:
- Storage decoupling: Your password will be stored by our partner Okta. This ensures it benefits from even better protection.
- Stronger authentication system: Partnering with Okta allows us to provide new features to secure your account, like multi-factor authentication.
- Single Sign-On: Signing into your Nuxeo Online Services account will allow you to access our different services seamlessly, without being prompted for credentials again.