ProConnect - User and organization mapping

[Gaetanbrl]

Context

As part of ProConnect developments,

A user authenticated via ProConnect can be automatically mapped with an existing organization according to SIRET value returned by ProConnect provider.

Therefore, many uses cases exists.

1. org exists with same SIRET

If true, we will just use existing org with same SIRET.
User will be a attach to this existing org.

2. org exists with an other SIRET

In this case, we will create a new organization with this SIRET.
To create a new one, we will reuse ProConnect informations requested from /userinfo (org LABEL and SIRET).

User will be a attach to this new org.

Only an administrator will be able to update this new org informations.

At this level, wi will not create dedicated (geOrchestra) console web page to create a new organization. Organization will be created from userinfo with default label and SIRET (as uuid)

3. User exists and SIRET match with an other organization

If a user is find by email in geOrchestra, it can be possible to get different organization between ProConnect and geOrchestra.

We always consider ProConnect as source of truth.

Consequently, the SIRET provided by ProConnect will be the user's new organization.
If the targeted organization doesn't exists, user will need to create a new one (see step 2 and step 4).

4. org doesn't exists (no SIRET exists in geOrchestra)

In this case, we will create a new organization with this SIRET as step 2.

User will be a attach to this new org.

Note that ProConnect seems not return organization label. User will be able to complete this value inside "new organization" console page and dedicated inputs.

[landryb]

in which ldap field/attribute the org SIRET code is supposed to be ?

[pierrejego]

I think this point is proposed here #159

[landryb]

thanks, hadnt reached that issue yet :)