From c372eb7d2054be65d61ff442bebfcaf9d37596d6 Mon Sep 17 00:00:00 2001
From: Tuan Dang <dangtony98@gmail.com>
Date: Wed, 21 Feb 2024 11:20:42 -0800
Subject: [PATCH] Update SCIM docs, disable user management in Infisical if
 SAML is enforced

---
 docs/documentation/platform/sso/azure.mdx                 | 5 +++++
 docs/documentation/platform/sso/jumpcloud.mdx             | 5 +++++
 docs/documentation/platform/sso/okta.mdx                  | 5 +++++
 .../components/OrgMembersSection/OrgMembersSection.tsx    | 2 +-
 .../components/OrgMembersSection/OrgMembersTable.tsx      | 8 ++++++++
 5 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/docs/documentation/platform/sso/azure.mdx b/docs/documentation/platform/sso/azure.mdx
index 35f287cdfa..25303fed6c 100644
--- a/docs/documentation/platform/sso/azure.mdx
+++ b/docs/documentation/platform/sso/azure.mdx
@@ -101,6 +101,11 @@ description: "Configure Azure SAML for Infisical SSO"
 
       To enforce SAML SSO, you're required to test out the SAML connection by successfully authenticating at least one Azure user with Infisical;
       Once you've completed this requirement, you can toggle the **Enforce SAML SSO** button to enforce SAML SSO.
+
+      <Warning>
+         We recommend ensuring that your account is provisioned the application in Azure
+         prior to enforcing SAML SSO to prevent any unintended issues.
+      </Warning>
    </Step>
 </Steps>
 
diff --git a/docs/documentation/platform/sso/jumpcloud.mdx b/docs/documentation/platform/sso/jumpcloud.mdx
index 0366bbf7f0..d25ec0b6da 100644
--- a/docs/documentation/platform/sso/jumpcloud.mdx
+++ b/docs/documentation/platform/sso/jumpcloud.mdx
@@ -81,6 +81,11 @@ description: "Configure JumpCloud SAML for Infisical SSO"
 
       To enforce SAML SSO, you're required to test out the SAML connection by successfully authenticating at least one JumpCloud user with Infisical;
       Once you've completed this requirement, you can toggle the **Enforce SAML SSO** button to enforce SAML SSO.
+      
+      <Warning>
+         We recommend ensuring that your account is provisioned the application in JumpCloud
+         prior to enforcing SAML SSO to prevent any unintended issues.
+      </Warning>
    </Step>
 </Steps>
 
diff --git a/docs/documentation/platform/sso/okta.mdx b/docs/documentation/platform/sso/okta.mdx
index 354cc18000..bac8efb684 100644
--- a/docs/documentation/platform/sso/okta.mdx
+++ b/docs/documentation/platform/sso/okta.mdx
@@ -84,6 +84,11 @@ description: "Configure Okta SAML 2.0 for Infisical SSO"
 
       To enforce SAML SSO, you're required to test out the SAML connection by successfully authenticating at least one Okta user with Infisical;
       Once you've completed this requirement, you can toggle the **Enforce SAML SSO** button to enforce SAML SSO.
+
+      <Warning>
+         We recommend ensuring that your account is provisioned the application in Okta
+         prior to enforcing SAML SSO to prevent any unintended issues.
+      </Warning>
    </Step>
 </Steps>
 
diff --git a/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersSection.tsx b/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersSection.tsx
index 246922b586..c73376aba8 100644
--- a/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersSection.tsx
+++ b/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersSection.tsx
@@ -46,7 +46,7 @@ export const OrgMembersSection = () => {
   const handleAddMemberModal = () => {
     if (currentOrg?.authEnforced) {
       createNotification({
-        text: "You cannot invite users when org-level auth is configured for your organization",
+        text: "You cannot manage users from Infisical when org-level auth is enforced for your organization",
         type: "error"
       });
       return;
diff --git a/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersTable.tsx b/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersTable.tsx
index 5469bbf05e..0f9cfe0438 100644
--- a/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersTable.tsx
+++ b/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgMembersTable.tsx
@@ -231,6 +231,14 @@ export const OrgMembersTable = ({ handlePopUpOpen, setCompleteInviteLink }: Prop
                             {(isAllowed) => (
                               <IconButton
                                 onClick={() => {
+                                  if (currentOrg?.authEnforced) {
+                                    createNotification({
+                                      text: "You cannot manage users from Infisical when org-level auth is enforced for your organization",
+                                      type: "error"
+                                    });
+                                    return;
+                                  }
+                                  
                                   handlePopUpOpen("removeMember", { orgMembershipId, email });
                                 }}
                                 size="lg"