feat(iam): add authentik sso how-to page

pages/iam/how-to/set-up-identity-federation.mdx

@@ -41,7 +41,7 @@ Follow the steps below to set up Identity Federation for your Organization throu
 
 1. Go to your security settings.
 2. Scroll to the **Identity Federation** section.
-3. Click **Set up SSO**. A pop-up appears.
+3. Click **Set up SAML SSO**. A pop-up appears.
 4. Copy the URLs displayed in the pop-up.
 
     The information in the first step are the URLs referring to Scaleway that will be requested by your Identity Provider to create a link between platforms. They are:
@@ -73,7 +73,7 @@ Follow the steps below to set up Identity Federation for your Organization throu
     <Message type="note">
       You can close the Identity Provider pop-up without adding the certificate right away. The certificate can [be added at a later time](#how-to-add-a-certificate). However, while the certificate is not added, the connection between Scaleway and your Identity Provider will not be complete and the SSO feature will not work for your Organization members.
     </Message>
-9. Click **Complete setup**.
+9. Click **Complete set up**.
 
 Once setup is complete, members can log in via SAML.
 

pages/iam/how-to/set-up-sso-with-authentik.mdx

@@ -0,0 +1,91 @@
+---
+title: How to set up SSO with Authentik
+description: This page helps you to implement Single Sign-On in your Organization with Authentik 
+dates:
+  validation: 2025-11-27
+  posted: 2025-11-27
+---
+import Requirements from '@macros/iam/requirements.mdx'
+
+Scaleway supports Identity Federation to provide your teams with secure access to their accounts via SAML Single Sign-On.
+
+<Message type="note">
+  SSO with SAML does not apply to an Organization's Owner. Owners can log in with SSO with OAuth2.
+</Message>
+
+Follow the steps below to set up Identity Federation for your Organization through SAML at Scaleway.
+
+<Requirements />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- Authentik instance and user allowing you to perform admin actions.
+
+## Create a new Identity Provider
+
+### On Scaleway console
+
+1. Go to your security settings.
+2. Scroll to the **Identity Federation** section.
+3. Click **Set up SAML SSO**. A pop-up appears.
+4. Click **Start**
+5. Open another tab to start IdP configuration on Authentik.
+
+### On Authentik
+
+1. Go to **Providers** section.
+2. Click **Create**. A pop-up appears.
+3. Choose **SAML** provider type.
+4. Click **Next**.
+5. Fill the configuration form.
+    - Name: "Scaleway IDP"
+    - ACS URL: **Assertion consumer service (ACS) URL** (from Scaleway tab)
+    - Issuer: **Scaleway Entity ID**  (from Scaleway tab)
+    - Service Provider Binding: Select **Post**
+    - Advanced protocol settings
+        - Signing Certificate: Select **authentik Self-signed Certificate**
+        - Toggle **Sign assertions** and **Sign responses** on
+        - NameID Property Mapping: Select **authentik default SAML Mapping: Username**
+6. Click **Finish**
+7. Click on your newly created Provider in the list.
+8. Click the **Create** button below **Assigned to application**. A pop-up appears.
+9. Fill the configuration form.
+    - Name: "Scaleway"
+    - Provider: Select **Scaleway IDP**
+10. Click **Create**
+11. Copy the **SSO URL (Post)**
+12. Go back to Scaleway Console tab.
+
+### On Scaleway console
+
+1. Fill the form
+    - Single Sign-On (SSO) URL: Paste previously copied **SSO URL (Post)**
+    - Identity Provider Entity ID: Copy the **EntityID/Issuer** from Authentik
+2. Click **Confirm**.
+3. Download the signing certificate from Authentik and copy its content.
+4. Enter the signing certificate in the box.
+    <Message type="important">
+    Keep in mind that:
+    - Only base64-encoded certificates are supported.
+    - The certificate must have an expiration date.
+    - Your certificate entry must start with:
+        ```
+        -----BEGIN CERTIFICATE-----
+        ```
+        And end with:
+        ```
+        -----END CERTIFICATE-----
+        ```
+    </Message>
+
+    <Message type="note">
+      You can close the Identity Provider pop-up without adding the certificate right away. The certificate can [be added at a later time](#how-to-add-a-certificate). However, while the certificate is not added, the connection between Scaleway and your Identity Provider will not be complete and the SSO feature will not work for your Organization members.
+    </Message>
+9. Click **Complete set up**.
+
+Once setup is complete, members can log in via SAML.
+
+<Message type="important">
+  - In order to log in via SAML, members need to be [created manually](/iam/how-to/manage-members/#how-to-create-a-member) in your Scaleway organization.
+  - If you delete a user in the IdP, the corresponding Member is not automatically deleted in your Scaleway Organization. The [deletion must happen manually](/iam/how-to/manage-members/#how-to-delete-a-member).
+</Message>