Limitations of Migrating from OpenMRS ID to a new SSO System

Ok, let’s see if I can explain.We have two options to explore:

  • SCIM: we don’t use our own domain, but rather each user come with their own domain
  • IDP / SSO / OAuth / SAML: we have our own domain and allow people to use it to login

We explored SCIM, and now we understand how it works.In order to explore any other option (IDP/Oauth/SAML), we do have to have our own domain. That’s trivial, we just have to buy it. But I do not, DO NOT, want to provide an email box to people with said domain. But I still want people to receive emails from jira, confluence and talk.

So we need to find something that can forward emails. Jira will send emails to , but in reality we will have something that will redirect that email to . What’s that something? To be investigated.

Before we can try IDP/SSO options, we need to find options to redirect emails. I’d think the first step is googling services, applications and everything that offers that. We need to have something that we can automatically add users, change their emails, and ensure it will redirect to the right place.

How do we expect to generate an openmrs mail for the user eg

We won’t. We need a service that will answer any email and redirect them to the right place. We will need to know what ways to register a new email redirect there are.

Do we need to involve the use of an idp or we use the default atlassian id system

Not relevant now. We have to solve the email redirect before trying anything else.

Which default mail will the user initially register with.

Not relevant now. Literally we need to find out options to redirect emails before we can evaluate IDPs or registration.