1. We are not maintaining tenants, Evanios/1 admin tenant IDM/1 admin tenant
evanios_admin
2. Org Admin
3. Deepak/ Roadm
4. We are dependent on Rbac, not directly but through rbac.
evanios_managed_role -> IDM. All users created in IDM for this purpose
will have the evanios managed role.

1. For this release we are not going to be subdomain


2. When user logs in we amd then we provide Only during login. If user logs in on
(then we create the user on ev) We are not doing any recheck. Only during
login: the login process checks for roles and then assigns a token; we don't recheck
for roles after that.

3. Right now we are only checking for root; in March 2020 we will have structure

4. We persist the IDM token in the database. Our backend framework, Loopback, creates a
UID token (Loopback access token).
5. Evanios Admin
6. We make an API call to our backend (/oauth/logout), which calls
IDM (/idm/users_sign_out). This is a backend
call (https://usdev.daas.hppipeline.com/idm/users_sign_out?client_id=1cbbaaf9-c9d1-465b-8dce-03279a305ce1&redirect_uri=https://usdev.daas.hppipeline.com/indy/).
It uses an internal cookie stored in the browser. The user is redirected to login.
7. Not implemented yet, Loopback
CC Shakti Ashirvad. Here are comments on the integration:

Evanios doesn't hold tenants; we just use the organization id that IDM sends.
Currently only HP users; right now we are only allowing org admin.
This is in the roadmap according to Deepak Agarwal.
We are using Rbac for roles check; our frontend uses this for what to display and
our backend just provisions the JWT.