diff --git a/umbraco-cloud/.gitbook/assets/auth0-portal-callback.png b/umbraco-cloud/.gitbook/assets/auth0-portal-callback.png
new file mode 100644
index 00000000000..152494af841
Binary files /dev/null and b/umbraco-cloud/.gitbook/assets/auth0-portal-callback.png differ
diff --git a/umbraco-cloud/.gitbook/assets/org-menu-login-providers.png b/umbraco-cloud/.gitbook/assets/org-menu-login-providers.png
new file mode 100644
index 00000000000..391ac107b62
Binary files /dev/null and b/umbraco-cloud/.gitbook/assets/org-menu-login-providers.png differ
diff --git a/umbraco-cloud/.gitbook/assets/org-menu-overview.png b/umbraco-cloud/.gitbook/assets/org-menu-overview.png
index 93eb5bffe47..4d548e971d8 100644
Binary files a/umbraco-cloud/.gitbook/assets/org-menu-overview.png and b/umbraco-cloud/.gitbook/assets/org-menu-overview.png differ
diff --git a/umbraco-cloud/.gitbook/assets/organization-elp-audit-screen.png b/umbraco-cloud/.gitbook/assets/organization-elp-audit-screen.png
new file mode 100644
index 00000000000..d409302f1db
Binary files /dev/null and b/umbraco-cloud/.gitbook/assets/organization-elp-audit-screen.png differ
diff --git a/umbraco-cloud/.gitbook/assets/organization-elp-project-permission-add.png b/umbraco-cloud/.gitbook/assets/organization-elp-project-permission-add.png
new file mode 100644
index 00000000000..071594bb8f5
Binary files /dev/null and b/umbraco-cloud/.gitbook/assets/organization-elp-project-permission-add.png differ
diff --git a/umbraco-cloud/.gitbook/assets/organization-elp-project-permission-screen.png b/umbraco-cloud/.gitbook/assets/organization-elp-project-permission-screen.png
new file mode 100644
index 00000000000..416651bb8ec
Binary files /dev/null and b/umbraco-cloud/.gitbook/assets/organization-elp-project-permission-screen.png differ
diff --git a/umbraco-cloud/.gitbook/assets/organization-elp-signin-url.gif b/umbraco-cloud/.gitbook/assets/organization-elp-signin-url.gif
new file mode 100644
index 00000000000..35f22e78dc1
Binary files /dev/null and b/umbraco-cloud/.gitbook/assets/organization-elp-signin-url.gif differ
diff --git a/umbraco-cloud/.gitbook/assets/organization-external-login-provider-configuration.png b/umbraco-cloud/.gitbook/assets/organization-external-login-provider-configuration.png
new file mode 100644
index 00000000000..8ff5655784c
Binary files /dev/null and b/umbraco-cloud/.gitbook/assets/organization-external-login-provider-configuration.png differ
diff --git a/umbraco-cloud/.gitbook/assets/organization-external-login-provider.png b/umbraco-cloud/.gitbook/assets/organization-external-login-provider.png
new file mode 100644
index 00000000000..33c04a915fd
Binary files /dev/null and b/umbraco-cloud/.gitbook/assets/organization-external-login-provider.png differ
diff --git a/umbraco-cloud/SUMMARY.md b/umbraco-cloud/SUMMARY.md
index a3b5a10f4ba..39fb95541bd 100644
--- a/umbraco-cloud/SUMMARY.md
+++ b/umbraco-cloud/SUMMARY.md
@@ -18,7 +18,8 @@
* [Migrate to Umbraco Cloud](begin-your-cloud-journey/creating-a-cloud-project/migrate-to-umbraco-cloud.md)
* [Baselines](begin-your-cloud-journey/creating-a-cloud-project/baselines.md)
* [The Cloud Portal](begin-your-cloud-journey/the-cloud-portal/README.md)
- * [Organizations](begin-your-cloud-journey/the-cloud-portal/organizations.md)
+ * [Organizations](begin-your-cloud-journey/the-cloud-portal/organizations/README.md)
+ * [Organization Login Providers](begin-your-cloud-journey/the-cloud-portal/organizations/organization-login-providers.md)
* [Payments](begin-your-cloud-journey/the-cloud-portal/payments.md)
* [Project Features](begin-your-cloud-journey/project-features/README.md)
* [Environments](begin-your-cloud-journey/project-features/environments.md)
diff --git a/umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations.md b/umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations/README.md
similarity index 76%
rename from umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations.md
rename to umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations/README.md
index f59d2d1c9a7..eafd1e97e6b 100644
--- a/umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations.md
+++ b/umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations/README.md
@@ -1,12 +1,12 @@
# Organizations
-On Umbraco Cloud it is possible to setup an Organization. An organization is handy if you are managing many projects for different customers. It is also handy if you need to manage permissions for multiple users (such as developers, content editors etc.).
+On Umbraco Cloud, it is possible to set up an Organization. An organization is handy if you are managing many projects for different customers. It is also handy if you need to manage permissions for multiple users (such as developers and content editors.
With an organization, you get an overview of all projects and members that are part of it. You can also manage payment methods for projects, as well as many other functions outlined on this page.
In the following sections, we will go through the different options that are available to an Organization:
-
Organization Overview
+
Organization Overview
{% hint style="info" %}
Are you interested in getting an organization, or need a project added to a different organization? Please reach out to the Support Team in the small chat box in your [project overview](https://www.s1.umbraco.io/projects).
@@ -18,13 +18,13 @@ Are you interested in getting an organization, or need a project added to a diff
In the **Information** section of the Organization, you can find all the details about your Organization. If there are any changes to your details, you can change them here.
-
+
### Members
In the **Members** section, you can view current members, pending invites, and see the Multi-Factor Authentication (MFA) status for the Members of your Organization. You can also set up different permissions for your Members, such as Read, Write, and Administrators for your organization by adjusting their **Roles**.
-
+
Members added to your organization can see different details about their organization based on the user group they are added to. Currently there are three different groups, **Read**, **Write** and **Admin**. Below you can see what each user group has access to under the organization they are a part of.
@@ -66,7 +66,7 @@ Being a Member of an organization does not give access to any projects under it.
When working in organizations on Umbraco Cloud, as a company, you can enforce a certain type of Multi-Factor Authentication (MFA) method for members.
-
+
Administrators of Organizations on Umbraco Cloud can enforce MFA for specific members of their organization.
@@ -84,7 +84,7 @@ Once it has been enabled, the next time the member logs in, they will be forced
In the **Projects** section, you can get an overview of all the Projects that have been created in your Organization.
-
+
It is possible to see the plan, project status, payment status, creation date, region, and number of environments for each of your projects.
@@ -103,15 +103,25 @@ In the **Access Rights** section, you can get a list of all the Access Rights yo
In the **Payment Methods** section, you can view the payment methods for your organization. From here, you can add or delete credit card details for your Organization. These payment options will be used, when you create new projects under your organization.
-
Payment methods
+
Payment methods
### Payment History
In the **Payment History** section, you can see the payment history for your organization.
## Insights
-
Insights section
+
Insights section
### Sustainability
-The Sustainability Dashboard is designed to help users monitor and improve the environmental impact of their websites on Umbraco Cloud. For more information, see the [Sustainability Dashboard](../../optimize-and-maintain-your-site/monitor-and-troubleshoot/sustainability-dashboard.md) article.
\ No newline at end of file
+The Sustainability Dashboard is designed to help users monitor and improve the environmental impact of their websites on Umbraco Cloud. For more information, see the [Sustainability Dashboard](../../../optimize-and-maintain-your-site/monitor-and-troubleshoot/sustainability-dashboard.md) article.
+
+## Login Providers
+
+
Insights section
+
+The **Login Providers** section enables you to configure access to the Umbraco Cloud Portal and Projects.
+
+The section also offers the possibility to follow Sign-ins and changes to Login Provider configurations.
+
+Learn more about Login Providers for your Organization in the [Organization Login Providers](organization-login-providers.md) article.
diff --git a/umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations/organization-login-providers.md b/umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations/organization-login-providers.md
new file mode 100644
index 00000000000..63cc6b3965c
--- /dev/null
+++ b/umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations/organization-login-providers.md
@@ -0,0 +1,316 @@
+---
+description: Learn how to configure and use external login providers via your Umbraco Cloud organization.
+---
+
+# Organization Login Providers
+
+{% hint style="info" %}
+
+**Beta feature**. Help improve the feature by [reporting feedback](mailto:beta-cloud-portal-login-providers@umbraco.dk).
+
+{% endhint %}
+
+The External Login Providers feature in Umbraco Cloud enables you to integrate third-party authentication systems for managing Portal user logins securely and efficiently. This functionality is built for teams that want to manage login using an existing identity setup.
+
+Using OpenID Connect, Umbraco Cloud supports external login providers like Microsoft Entra ID, Auth0, and Google. The feature helps administrators manage backoffice access, assign user roles, and improve security.
+
+{% hint style="info" %}
+
+This is exclusively for Cloud Portal access and access to Project features only available within the portal. [You can see how to set up External Login Providers for the Backoffice on Cloud Projects in this article](../../project-features/external-login-providers.md).
+
+{% endhint %}
+
+## External Login Providers
+
+{% hint style="info" %}
+The Organization Areas are only available for users logged in with Umbraco ID. Additionally, the Login Providers Section can only be accessed by a user who has Admin rights to the Organization.
+{% endhint %}
+
+This guide shows you how to set up and configure external login providers for the Cloud Portal, including related Project Permissions. It includes the following steps:
+
+1. [Prepare your Login Provider](#prepare-your-login-provider)
+2. [Register the login provider in the Cloud Portal](#register-the-login-provider-in-the-cloud-portal)
+
+### Prepare your Login Provider
+
+{% tabs %}
+{% tab title="Microsoft Entra ID" %}
+
+1. Access the Microsoft Azure Portal.
+2. Locate the Microsoft Entra ID and enter your tenant.
+3. Select **Add**.
+
+
+
+4. Choose **App registration**.
+5. Register your app.
+ * Ignore the Redirect URI as that will be covered later in the guide.
+
+
+
+6. Click **Register**.
+
+Once the app has been registered, locate and note down the following keys.
+
+* **Application (client) ID** - found on the **Overview** page for the app.
+* **Authority URL** - available from **Endpoints** on the **Overview** page.
+* **Secret ID** - needs to be generated on the **Certificates & Secrets** page.
+
+These keys will be used to set up the login provider on Umbraco Cloud.
+
+{% hint style="info" %}
+**Enterprise or custom setup**
+
+When working with an enterprise or a custom setup, ensure that the email claim is included in the ID token configuration.
+{% endhint %}
+
+{% endtab %}
+
+{% tab title="Auth0" %}
+
+1. Access your Auth0 dashboard.
+2. Navigate to **Applications**.
+3. Select **Create Application**.
+
+
+
+4. Give the application a name and select **Regular Web Application**.
+5. Go to the **Settings** section.
+6. Identify and note down the following keys:
+ * **Domain URL** (Authority URL)
+ * **Client Id**
+ * **Client Secret**
+
+{% endtab %}
+
+{% tab title="Google Authentication" %}
+
+1. Access the Google Developer Console.
+2. Select **Create Project** and give it a name.
+3. Go to the **OAuth consent screen** page.
+4. Select the **Internal** User Type and click **Create**.
+5. Fill in the required information.
+6. Add **Authorized domains** from where login should be allowed.
+7. Click **Save and continue**.
+8. Navigate to **Credentials**.
+9. Select **+ Create Credentials** and choose **OAuth client ID**.
+10. Choose **Web Application** as the application type.
+11. Fill in the required fields.
+12. Click **Save** to complete creating the credentials.
+
+Before you move on, take note of the following keys:
+
+* **Client ID** (generated through the steps above)
+* **Client Secret** (generated through the steps above)
+* **Authority URL** (`https://accounts.google.com`)
+
+{% endtab %}
+{% endtabs %}
+
+Once you have the keys from your login provider, follow the next steps in the Umbraco Cloud Portal.
+
+Keep the configuration for your login provider open, as you will come back to it later in the guide.
+
+### Register the login provider in the Cloud Portal
+
+1. Access the Umbraco Cloud Portal.
+2. Navigate to your Organization
+3. Navigate to **External Login Providers** page under the **Login Provider** section.
+
+
+
+4. Select **Add Configuration**.
+5. Fill out the fields.
+ - [Learn how to fill out the form](#how-to-fill-in-the-external-login-provider-configuration).
+
+
+
+6. Click **Create** to add the new configuration.
+7. Click on **Sign-in and Redirect Urls**.
+8. Take note of the Redirect URI.
+9. Head back to the configuration for your external login provider.
+
+{% tabs %}
+{% tab title="Microsoft Entra ID" %}
+
+1. Click on **Authentication**.
+2. Select **Add a platform**.
+3. Select **Web** and add the Redirect URI.
+4. Add more Redirect URIs if needed.
+5. Check the following options under **Implicit grant and hybrid flows**:
+ * Access Tokens (used for implicit flows)
+ * ID tokens (used for implicit and hybrid flows)
+6. Click **Configure** to complete the configuration.
+
+
+{% endtab %}
+
+{% tab title="Auth0" %}
+
+1. Navigate to the **Settings** section.
+2. Scroll down to find the **Application URIs**.
+3. Add the Redirect URI to the **Allowed Callback URLs**.
+4. Add the Redirect URI to the **Allowed Logout URLs** as well.
+
+
+
+5. Add more Redirect URIs if needed.
+
+{% endtab %}
+
+{% tab title="Google Authentication" %}
+
+1. Open the **Credentials** created earlier through this guide.
+2. Select **Add URI**.
+3. Add the Redirect URI.
+4. Click **Save** to complete the configuration.
+
+{% endtab %}
+{% endtabs %}
+
+## How to fill in the External Login Provider Configuration
+
+This section provides an overview of what type of data and information is needed for each field in the configuration form.
+
+### Display Name
+
+A descriptive name for the Login Provider
+
+### Alias (required)
+
+A unique alias for the provider in the Organization. Use only lower-case. Spaces are not allowed.
+
+### Client Id (required)
+
+A unique Client ID is generated in the external login provider.
+
+ * Entra ID: Guid
+ * Auth0: Random characters
+ * Google: `{randomchars}.apps.googleusercontent.com`
+
+### Client Secret (required)
+
+A secret that is generated in the external login provider and is associated with the Client ID.
+
+### Authority (required)
+
+The URL for the external login provider. This can be found in the External Login Provider.
+
+Entra ID: `https://login.microsoftonline.com/<Directory (tenant)>`
+Auth0: `https://{accountId}.uk.auth0.com`
+Google: `https://accounts.google.com`
+
+### Metadata Address
+
+If you need a special metadata address for your External Login Provider, you can set it here. By default, the system resolves the metadata address from the Authority URL, making the property optional.
+
+A common scenario for using a special metadata address is when working with Entra ID and configuring claims mapping. In this case, you must set the metadata address to the following: `https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration?appid={client-id}`.
+
+### User Mapping Claim Name
+
+Your provider may assign users to specific roles. For example: Admin, Editor, Viewer.
+
+The **User Mapping Claim Name** is the field in the authentication token (claim) that identifies these roles. The system reads this claim to determine a user's permissions.
+
+For example, if the roles claim is called `user_roles` in your provider, you set the **User Mapping Claim Name** to `user_roles`.
+
+## Signing in using the Login Provider
+
+When trying to access Umbraco Cloud Portal through `s1.umbraco.io`, you are greeted by an Umbraco ID sign-in screen.
+
+To sign in with your login provider, you must use a special sign-in URL that is unique to your Login Provider.
+
+1. Go back to Cloud Portal, where you registered the Login Provider.
+2. Click on the `Sign-in and Redirect URLs` button.
+
+How to retrive the Sign in Url
+
+3. Give the URL to the Organization members you want to sign in using your Login Provider.
+
+## Project Permissions
+
+Project Permissions lets you set up access to Projects in the Portal while signed in with your Login Provider.
+
+You must add one Project Permission model per Project and one per Login Provider. It is not required to add Project Permissions to all projects. Projects without a Project Permissions tied to a Login Provider will not be shown to a user logged in with that particular Login Provider.
+
+Project Permission Screen
+
+To set up Project Permission, follow these steps:
+
+1. Select a Project on the left side of the screen.
+2. Click on "+ Add" on the Login Provider you want to add Project Permissions for.
+
+Add Project Permission
+
+3. Fill in the fields in the modal:
+ - Default Access Level (required)
+ - No Claim Found Behavior (required)
+ - User Mapping Claim Name
+ - Project User Mappings
+ - Consists of two fields: "Provider Role Value" and "Project Access Level"
+
+## How to fill in the Project Permissions
+
+### Default Access Level
+
+Select the level of access you want users to get for this project.
+
+The dropdown has two possible permissions:
+
+- Read
+- Write
+
+#### Read
+
+A team member with Read permissions can only view the project in the portal and the backoffice. They are not able to deploy or change anything on the project itself.
+
+#### Write
+
+A team member with Write permissions can do everything on a project except delete it and edit the team. A user with Write permissions can deploy changes between environments through the portal.
+
+This value is works as a fallback value and can be overwritten by the "Project User Mappings" setting.
+If there are no Mappings available for the user, the "No Claim Found Behavior" setting will evaluate if this fallback permission is used or "NoAccess".
+
+### No Claim Found Behavior
+
+This setting is used for adding granular control.
+
+You can use the Role Claim from your Login Provider to assign Permissions to your users.
+
+The setting has two options:
+
+- NoAccess
+- Use Default Access Level
+
+When `NoAccess` is selected, it will block the user's access to the Project if they do not have the correct Role assigned.
+
+Using the "Use Default Access Level" option, all users in your Login Provider will automatically get the permission you selected in "Default Access Level". The only exception is when they have a hit on the Project User Mappings.
+
+### User Mapping Claim Name
+
+This is used for the name of your provider's default or custom Role claim name. Use this if you want to override the one already entered in the Login Provider configuration.
+
+### Project User Mappings
+
+Use this to map the Provider Role Value (a role coming from your external login provider) to a Project Permission Level in the portal.
+
+If your external login provider is configured to assign roles to users, those role values are included in the ID token. You can then use these values to automatically assign the appropriate access level when the user signs in to the portal.
+
+For example, a role like `Happy.Write` from your identity provider could be mapped to the `Write` permission level for your Cloud project.
+
+## Audit
+
+Use the Audit section to troubleshoot your Login Providers and keep an eye on user Sign-ins.
+
+There is an audit log for each Login Provider. If you remove the Login Provider, the audit log will also disappear.
+
+Audit page
+
+The following audit types are listed:
+
+| Type | Sub-Type | Description |
+|---|---|---|
+| User Sign-ins | - | See information about Project Permissions evaluated at the Sign-in. |
+| External Login Providers | Added and Updated | Entries include the changed properties. The Client Secret is always redacted. |
+| Project Permission | Added, Updated, and Deleted | Shows information on the changed properties and stored Role mapping options |
+
.png)
.png)
