New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docs: basic docs for SAML SSO #11288
base: main
Are you sure you want to change the base?
Conversation
We still need to figure out a couple of things, but I think it doesn't hurt to have some basic docs about this feature. Ref #11262
This documentation isn't complete, as the SAML feature isn't complete yet, but should be good enough to guide users that want to beta test it or for ourselves. |
This comment was marked as spam.
This comment was marked as spam.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks really good as a first step to me 馃憤馃徏
User setup | ||
~~~~~~~~~~ | ||
|
||
Using this setup, all users who have access to the configured Okta application will automatically join to your organization when they sign up. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using this setup, all users who have access to the configured Okta application will automatically join to your organization when they sign up. | |
Using this setup, all users who have access to the configured Okta application will automatically join to your Read the Docs organization when they sign up. |
By default, users that sign up with SAML do not have any permissions over any project. | ||
However, you can define which teams users will auto-join when they sign up. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aren't we creating a team automatically when SAML is enabled on an organization in a similar way as we are doing with Google SSO? If not, we should probably do the same and enable auto-join on that team. I think it's a good idea to keep consistency between these two SSO providers.
Existing users with email addresses from your configured domain will not be required to sign up using SAML, | ||
but they won't be automatically joined to your organization. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any way to enforce this in the next login after enabling SAML for the organization?
Configure team for all users to join | ||
------------------------------------ | ||
|
||
You can mark one or many teams that users are automatically joined when they sign up with a matching email address. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can mark one or many teams that users are automatically joined when they sign up with a matching email address. | |
You can mark one or more teams that users will be automatically joined when they sign up with a matching email address. |
they may still have access to documentation pages until their session expires. | ||
This is three days for the dashboard and documentation pages. | ||
|
||
To completely revoke access to a user, remove them from all the teams they are part of. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I remember we talked about this a few times, but I'm not sure if we have an issue to track this. I think it's important to find a way of logout the users if they are revoked access. Do we have an issue for this that we can prioritize its research?
We still need to figure out a couple of things, but I think it doesn't hurt to have some basic docs about this feature.
This follows the same structure from other guides related to SSO, preview at https://docs--11288.org.readthedocs.build/en/11288/guides/set-up-single-sign-on-saml.html.
Ref #11262
馃摎 Documentation previews 馃摎
docs
): https://docs--11288.org.readthedocs.build/en/11288/dev
): https://dev--11288.org.readthedocs.build/en/11288/