Staff Portal SSO Migration
Description
Migrate staff portal login from username/password to SSO via Azure AD. Eliminates password reuse risk, reduces IT support tickets for password resets, and gives Jordan centralised access control.
Scope
Objective
Replace local auth with Azure AD SSO across the APDglobalX portal and all bot subdomains.
Deliverables
- Azure AD app registration complete
- OAuth 2.0 callback implemented and tested
- 5 staff accounts migrated and verified
- Fallback admin auth documented
Acceptance Criteria
- Staff can log in via Microsoft SSO with no password prompts
- Failed SSO attempts are logged
- Jordan retains owner-level override access
- Zero downtime migration
Milestones
- Azure AD app registered
- OAuth callback live on staging
- Staff pilot (5 accounts)
- Full cutover
Estimated: 40 hours
Tasks
| Task | Assignee | Alloc / Logged | Status | Due | Completed | Update |
|---|---|---|---|---|---|---|
| Audit current auth flow and document dependencies | Alex Chen | 6h / 6h | done | 11/04/2026 | 10/04/2026 | |
| Set up Azure AD app registration | Alex Chen | 4h / 4h | done | 14/04/2026 | 15/04/2026 | |
| Implement OAuth 2.0 callback handler | Alex Chen | 12h / 6h | in-progress | 22/04/2026 | — | |
| Test SSO with 5 staff pilot accounts | Alex Chen | 6h / 0h | blocked | 25/04/2026 | — | |
| Document fallback admin auth and cutover runbook | Alex Chen | 4h / 0h | pending | 26/04/2026 | — |
New Task
This Week's Deliverable
OAuth callback live on staging, tested with 2 accounts
Notes: Blocked on IT admin provisioning test accounts in Azure. Chasing Jordan for approval.
Impact Score
Business Impact4/5
Staff Benefit5/5
Complexity3/5 (lower better)
Time Saved3 hrs/wk
Money Saved$200/mo
RAG Status
RAG History
amber — 14/04/2026: Progress slower than expected. Test accounts still not provisioned.
green — 07/04/2026: Kicked off, scope clear.