[MAGNOLIA-8825] After login, application needs to show user date and time of last login Created: 22/Feb/23 Updated: 19/Apr/23 Resolved: 29/Mar/23 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.3.0, 6.2.32 |
| Type: | Story | Priority: | Major |
| Reporter: | Matt Rajkovic | Assignee: | Nguyen Phung Chi |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Σ Remaining Estimate: | Not Specified | Remaining Estimate: | Not Specified |
| Σ Time Spent: | 9.75d | Time Spent: | 9.75d |
| Σ Original Estimate: | Not Specified | Original Estimate: | Not Specified |
| Attachments: |
|
||||||||||||||||||||||||||||||||||||||||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||
| Sub-Tasks: |
|
||||||||||||||||||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||||||||||||||||||
| Task DoD: |
[X]*
Doc/release notes changes? Comment present?
[X]*
Downstream builds green?
[X]*
Solution information and context easily available?
[X]*
Tests
[X]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||||||||||||||||||||||
| Release notes required: |
Yes
|
||||||||||||||||||||||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||||||||||||||||||||||
| Visible to: |
Thomas Duffey
|
||||||||||||||||||||||||||||||||||||||||
| Epic Link: | Display last user logged-in date and time after login | ||||||||||||||||||||||||||||||||||||||||
| Sprint: | AdminX 32 | ||||||||||||||||||||||||||||||||||||||||
| Story Points: | 5 | ||||||||||||||||||||||||||||||||||||||||
| Team: | |||||||||||||||||||||||||||||||||||||||||
| Work Started: | |||||||||||||||||||||||||||||||||||||||||
| Description |
GoalInform the end-user about the date and time of last login immediately after logging in. This requirement comes from a minor nonconformity we have received from both SOC2 and ENS audits. This applies to both SaaS and DX core products, although the non-conformity was detected on self-hosted version of Magnolia. Therefore, to keep the audit, this is needed just for self-hosted. So if you need to implement it differently for self-hosted and for SaaS, you can prioritize Self-hosted first. Further contextFrom had :
Design ideasThis could be implemented as simple text somewhere in the interface right after login, i.e. "Your last recorded login: 2023-02-22, 08:43 GMT" Example from Gmail (similar functionality): Some UI options have been proposed here: https://magnolia-cms.slack.com/archives/C02R765REB0/p1677174441582829?thread_ts=1677070089.382899&cid=C02R765REB0. See the discussion in the thread for more information. DiscoveryProposal solution: For Mgnl user (JCR - Magnolia Default login)
For External user (SSO)
For the UI, we have to implement the text label to show the last login time on Admincentral Home. |
| Comments |
| Comment by Jan Haderka [ 22/Feb/23 ] |
|
mrajkovic are you sure this should be cloud issue? The audit was for self-hosted/on-prem product not for SaaS! |
| Comment by Matt Rajkovic [ 22/Feb/23 ] |
|
Hey had , I got that info from your Slack message "applies to both SaaS and onprem". I've updated the ticket after your clarification that we can only fix self-hosted first. |
| Comment by Jan Haderka [ 23/Feb/23 ] |
Yeah, that was the message i sent before i saw the other issues we had related to saas. In the end we only certify onprem and paas, because we wouldn't be able to implement all that is necessary on saas in time. Plus we are not offering it to customers yet, so there is still time. Sorry for the confusion nonetheless. |
| Comment by Nguyen Phung Chi [ 16/Mar/23 ] |
|
For the record as clarifying with had Question: What we are trying to achieve is to show the timestamp of “previous login” (may use this term to distinct them), am I correct? Answer from Yan:
|
| Comment by Nguyen Phung Chi [ 28/Mar/23 ] |
|
Some important notes for this ticket:
cc had, mrajkovic, brenuart, efochr Please let me know your concern about this. thank you. |
| Comment by Matt Rajkovic [ 28/Mar/23 ] |
|
Hey nguyen.phung, thanks for clearly stating the limitations! Looks cool to me. had , would this be sufficient for now? I think we could also consider implementing this for the Sso-connector module, which might be a very common way our clients use to manage their users. However, I would do that in a subsequent ticket and after a discussion with Services about how to best implement it for the connector modules. What we have implemented in this ticket might however already be enough to pass the audit and already covers Self-hosted and SaaS (through magnolia-sso module). |