From 64d33e6edac0cf730d68494b4fc02b3b123676c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Ca=C3=B1ete?=
 <2930882+juacker@users.noreply.github.com>
Date: Thu, 3 Oct 2024 14:34:34 +0200
Subject: [PATCH] Add FAQ to SCIM integration doc (#18664)

Co-authored-by: Ilya Mashchenko <ilya@netdata.cloud>
---
 integrations/cloud-authentication/metadata.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/integrations/cloud-authentication/metadata.yaml b/integrations/cloud-authentication/metadata.yaml
index 72f5a5fe12..1457e51056 100644
--- a/integrations/cloud-authentication/metadata.yaml
+++ b/integrations/cloud-authentication/metadata.yaml
@@ -169,5 +169,19 @@
       The externalID in SCIM must correspond to the subfield in OIDC. Any deviation from this mapping may result
       in incorrect user identification and authentication failures.
 
+      ## FAQ
+
+      ### Why aren’t users automatically added to Netdata spaces when they’re created through SCIM?
+
+      Currently, our SCIM server supports only the User resource. We plan to add support for the Group resource in the future.
+
+      In a Netdata space, users can belong to multiple rooms and have different roles (e.g., admin, manager). Additionally, the same organization may have multiple spaces.
+
+      As we don't yet support groups, when a user is created through SCIM, we don’t have a way to determine which spaces, rooms, and roles the user should be assigned to.
+
+      Once we implement support for the Group resource, admins will be able to map SCIM groups to Netdata memberships, so this assignment will be done automatically.
+
+      Until then, SCIM can only be used to grant or block access to Netdata for users in your organization. After a user is created, it is up to the Netdata administrator to manually invite them to spaces, rooms and assign roles.
+
       ### Reference
       [SCIM Specification](https://scim.org)