[automate-2530] document supported LDAP/SAML configurations #2636
Conversation
Signed-off-by: Brenna Hewer-Darroch <[email protected]>
Signed-off-by: Brenna Hewer-Darroch <[email protected]>
dev-docs/auth.md
Outdated
|
|
||
| If you want to use google as an IdP (Identity Provider) or our internal test LDAP server, there are a few variables you can set. | ||
| OKTA with SAML and AD with LDAP have anecdotally been reported to be the most common configurations among our users. |
There was a problem hiding this comment.
| OKTA with SAML and AD with LDAP have anecdotally been reported to be the most common configurations among our users. | |
| OKTA with SAML and AD with LDAP are the most common configurations among our users. |
|
|
||
| - Microsoft Active Directory (MSAD) | ||
|
|
||
| ### Configurations with Known Issues |
There was a problem hiding this comment.
lets move this section to somewhere in the repo instead of in the docs
There was a problem hiding this comment.
these are dev docs so they're not part of the docs we deploy to customers. but i could move it to the authn README if that seems a little more out of the way
dev-docs/auth.md
Outdated
|
|
||
| - Azure AD with SAML: we cannot support SAML with Azure AD because Automate cannot consume SAML IdP metadata, which Azure relies on to rotate keys. | ||
| - Appleconnect with SAML: invalid signature error. | ||
| - in general, dex does not support idP initiated SSO |
There was a problem hiding this comment.
lets link to the pr in progress for this
dexidp/dex#1514
| @@ -42,6 +42,14 @@ Local, MSAD, and LDAP users will have their Chef Automate sessions refreshed whi | |||
| browsing session of the Chef Automate UI or until they sign out directly. | |||
| {{< /info >}} | |||
|
|
|||
| ## Supported Identity Management Systems | |||
|
|
|||
| - OKTA | |||
There was a problem hiding this comment.
I'm guessing these are in order of prevalence but I expected them to be alphabetized 🤷♀
There was a problem hiding this comment.
ya alphabetized would look better
Signed-off-by: Brenna Hewer-Darroch <[email protected]>
|
|
||
| If you want to use google as an IdP (Identity Provider) or our internal test LDAP server, there are a few variables you can set. | ||
| OKTA with SAML and AD with LDAP are the most common configurations among our users. |
There was a problem hiding this comment.
AD with LDAP are the most common configurations among our users. This is a bit misleading since most people using AD are using the AD specific configuration instead of LDAP. I understand what this is saying but the world configurations might be a bit overloaded here.
There was a problem hiding this comment.
Oh just also realized this was a dev doc. That's an ignorable nit in that case.
🔩 Description: What code changed, and why?
We want to document a list of our most commonly used IdP configurations for reference.
I've also added some internal documentation on some known issues.
👟 How to Build and Test the Change
✅ Checklist