The transition to Platform One Single Sign-On (P1 SSO) is complete. Scroll down for more information.

What is Platform One SSO?

Platform One Single Sign-On (P1 SSO) allows us to provide access to different apps using the same login based on an open source identity service called Keycloak. In other words, you will have one login to access apps such as Mattermost, Jitsi, GitLab, etc. It also gives us the capability to have multiple login methods on the same account, meaning you'll be able to use a username, password and MFA to log in at home while using a CAC to log in at work. These changes will be rolling out in two phases:

Phase 1 is complete! If you were previously logging into Mattermost using username/password/MFA, you will now log in using P1 SSO.

Phase 2 is complete! If you were previously logging into Mattermost using the AF Portal Login button, you will will now use the Platform One SSO button. You can also use both username/password/multi-factor authentication (MFA) and CAC on the same P1 SSO account.

What do I need to do?

If you were previously clicking the AF Portal Login button to log in:

Your account has been automatically migrated to P1 SSO. You will now use the "Platform One SSO" button to log in. If need also need the ability to log in without a CAC, you can set up a password and multi-factor authentication (MFA) on your account by going to https://login.dsop.io/ to access your profile. From here, click the "Password" tab to set a password. You will also need to click the "Authenticator" tab to set up multi-factor authentication (MFA).

If you click the Platform One SSO button to log in:

If you currently log into Mattermost using P1 SSO (username/password/MFA), you now have the option to enable the CAC sign in. This allows you to log in using a username/password/MFA or a CAC. To set up CAC login:

  1. Insert CAC into the CAC reader. Ensure the lights stop flashing before continuing.
  2. Navigate to https://login.dsop.io.
  3. You will be prompted to authenticate with the CAC. The first time you do this, you will receive a message stating a new DoD CAC was detected. Log in using your username, password and MFA at which point you will recieve a prompt to confirm your CAC (pictured below) which will associate it with your P1 SSO account. Now when you sign in from a computer with a CAC, you will simply authenticate using the CAC.
  4. You may now navigate to https://chat.collab.cdl.af.mil or https://chat.il2.dsop.io for the appropriate chat server you are on, and should be automatically logged into MatterMost
  5. From now on when you click the Platform One SSO button to login to Mattermost it will attempt use CAC to authenticate if it is inserted. If not, it will require you to enter username, password, and MFA.

  6. NOTE: The Mattermost desktop client has a known issue where it will ask for CAC regardless if it's inserted and will not allow username/password login. Use a web browser until the issue is resolved.

If you are a Mattermost user that hasn't logged in for a while:

If you had a Mattermost account but have not logged in recently (since approximately 15 May), your account was migrated to P1 SSO and you will need to finish setting it up. Click here for instructions on how to finish migrating your account.

If you are a new user to the platform:

If you need to set up a new account (i.e. you never had a Mattermost account), new Mattermost accounts are now created through P1 SSO. Click here for setup instructions.

FAQ

Why is this change necessary?

  • Platform One Single Sign-On (P1 SSO) gives us the ability to provide access to different apps such as Mattermost, Jitsi, GitLab, etc. using one login. This prevents having to create a new account for each app or service we release. Additionally, using P1 SSO will allow users to have multiple login methods such as username, password and MFA at home and using a CAC to login at work. Some of these changes were also made to help improve security.

  • Why do I have to set up a new password and MFA again?

  • Unfortunately, we are not able to migrate passwords from Mattermost. However, you can use the same password you were using in Mattermost as long as it contains two special characters. Since the P1 SSO is a different login service, MFA must be setup again.

  • When setting up MFA, why do I keep getting "Invalid authenticator code"?

  • Make sure you are scanning the QR code with the MFA app on your mobile device. This will produce a MFA token (6-digit number) that changes every 30 seconds. Type in that 6-digit number (e.g. 123456) with no spaces.
  • If the MFA token is not accepted, you will receive the "Invalid authenticator code" error. You must re-scan the QR code again which creates another MFA token (another 6-digit pin that is changing every 30 seconds). You must use the new 6-digit pin (you can delete the old ones).
  • Your phone time may be out of sync. Check your phone's settings to make sure the time is updating automatically. If you're using Google Authenticator on Android, try the Sync Now feature to update the time.
  • Click here for a guide on the steps mentioned above.

  • Why am I not receiving a password reset email from P1 SSO?

  • Try having the email sent again and make sure to check your junk email folder.
  • If you accidently tried logging in using your old Mattermost credentials more than five times, your account is likely locked out. Contact a team admin or email us at help@dsop.io to have your account unlocked.
  • If you created your Mattermost account after 19 May, your P1 SSO account may not have been automatically created. Ask a team or system admin for an invite link to create a P1 SSO account. Alternatively you can send a request to help@dsop.io.

  • How do I update my profile?

  • Log into your account at https://login.dsop.io which will bring you to your account settings page where you will be able to update your profile.

  • How does a new user create an account?

  • New Mattermost accounts are now created through P1 SSO. Click here for instructions.

  • How do I reset/set up MFA again (e.g. new or lost mobile device)?

  • Click here for instructions on resetting MFA on your account.

  • I have multiple Mattermost and/or P1 SSO accounts, can I combine them?

  • Unfortunately, there is no way for us to combine accounts. We can deactivate whichever account you will no longer be using. Let your team admin know which account (email address) you will no longer be using or email us directly at help@dsop.io.

  • Why am I getting a "X509 certificate's authentication failed." when trying to log in with a CAC?

  • Your account is likely locked or may be experiencing issues from the migration to P1 SSO. Please email us at help@dsop.io and we should be able to quickly resolve the issue.

  • Where can I get more information on using Mattermost?

  • Check out the official user guide for information on using Mattermost.

  • I have another question or need additional help. Who do I contact?

  • Contact your team admin for additional assistance. If you're not sure who your team admin is or can't get a hold of them, email us at help@dsop.io.