Drupal.org blog: Single Sign-On is coming to Drupal.org thanks to Cloud-IAM

The Drupal Association is pleased to announce that we have partnered with Cloud-IAM to deploy secure, GDPR-compliant managed KeyCloak for single sign-on for Drupal.org. 

Using single sign-on for Drupal.org identity management has been a long term goal of the Drupal Association, as it offers a number of benefits: 

  • We can more easily manage authentication across our upgraded Drupal 10 sites, and our legacy Drupal 7 sites while we migrate all of our Drupal.org properties.

  • We can begin to introduce 'social login' allowing new users to create their Drupal.org accounts using external identities they already have - making it easier to jump straight in to contribution, as one example. 

  • Once we establish the appropriate terms of service, we can begin to allow Drupal.org users to use their identity to login to external community sites, such as Drupal Camp websites, and use that to federate data back to Drupal.org. 

We know we wanted to implement KeyCloak as our identity and access management solution under the hood, because it is Open Source, robust, and well supported. 

We reached out to Cloud-IAM because they built their company around providing managed services to support KeyCloak as an open source solution to identity management with a strong SLA, and no vendor lock-in. Wherever possible the Drupal Association looks to work with companies that share our Open Source ethos, and are excited to support the Drupal community. 

Being based in Europe, Cloud-IAM is also a privacy-centric service provider, with robust compliance processes for GDPR that also meet or exceed international standards for other privacy regulations such as CCPA, LGPD, etc. 

To our immense gratitude, Cloud-IAM was not only willing to support us, but excited to partner with us to support the Drupal Community and Drupal project. Based on our experience, we would certainly recommend them to all the Drupal agencies and site owners who are looking for their own solutions for managed IAM based on an open source platform.

In fact - CloudIAM would like to offer the site owners and agencies who are looking for their own identity and access management service 10% off, with promo code: DRUPAL10. You can sign up to try the service for free and then apply the discount to a subscription plan of your choice.

So What's Next?

The Drupal Association has partnered with Tag1Consulting to help us build a migration process for Drupal.org users. In the coming month or so we'll be scheduling the migration of our user database. On the Drupal side, we'll be using the OpenID Connect contrib module. 

The majority of your user profile on Drupal.org will stay the same, you will now just see a Cloud-IAM login/registration flow, and use the Cloud-IAM UI for editing some of the core fields for your user account, like name and email address. The rest remains on your Drupal profile. 

When the migration window is scheduled we'll share in the #drupal_infrastructure channel on Drupal Slack, and repost to our usual drupal_infra social media channels.