add generic sso authenciation page and SP-initiated SSO on Okta (#17494)

* add generic sso authenciation page and SP-initiated SSO on Okta * Rename docs/cloud/manage/sso-authentication.md to docs/netdata-cloud/sso-authentication.md * Update metadata.yaml * add category overview page and rename sso file to its title * alter script to send auth integrations to desired folder * alter script to send auth integrations to desired folder * add content on the authentication & authorization main page --------- Co-authored-by: Fotis Voutsas <fotis@netdata.cloud>
2025-04-10 16:17:36 +00:00 · 2024-04-23 13:26:21 +01:00 · 2024-04-23 13:26:21 +01:00 · fbd3e485ee
commit fbd3e485ee
parent 9184c37c92
5 changed files with 57 additions and 2 deletions
--- a/docs/category-overview-pages/authentication-and-authorization.md
+++ b/docs/category-overview-pages/authentication-and-authorization.md
@ -0,0 +1,11 @@
+# Authentication & Authorization
+
+This section contains documentation about the way Netdata allows users to Authenticate with Netdata Cloud and how
+they can manage the Authorization flows controlling what their teammates can access and do on Netdaata Cloud.
+
+For more details on these topics please check:
+* [Sign in to Netdata](https://github.com/netdata/netdata/blob/master/docs/cloud/manage/sign-in.md)
+* [Enterprise SSO Authentication](https://github.com/netdata/netdata/blob/master/docs/netdata-cloud/enterprise-sso-authentication.md)
+* [Organize Your Infrastructure and Invite your Team](https://github.com/netdata/netdata/blob/master/docs/cloud/manage/organize-your-infrastrucutre-invite-your-team.md)
+* [Netdata's Role-Based Access model](https://github.com/netdata/netdata/blob/master/docs/cloud/manage/role-based-access.md)
+
--- a/docs/netdata-cloud/enterprise-sso-authentication.md
+++ b/docs/netdata-cloud/enterprise-sso-authentication.md
@ -0,0 +1,36 @@
+# Enterprise SSO Authentication
+
+Netdata provides you with means to streamline and control how your team connects and authenticates to Netdata Cloud. We provide
+ diferent Single Sign-On (SSO) integrations that allow you to connect with the tool that your organization is using to manage your 
+ user accounts.
+
+ > ❗ This feature focus is on the Authentication flow, it doesn't support the Authorization with managing Users and Roles.
+
+
+## How to set it up?
+
+If you want to setup your Netdata Space to allow user Authentication through an Enterprise SSO tool you need to:
+* Confirm the integration to the tool you want is available ([Authentication integations](tbd))
+* Have a Netdata Cloud account
+* Have Access to the Space as an administrator
+* Your Space needs to be on the Business plan or higher
+
+Once you ensure the above prerequisites you need to:
+1. Click on the Space settings cog (located above your profile icon)
+2. Click on the Authentication tab
+3. Select the card for the integration you are looking for, click on Configure
+4. Fill the required attributes need to establish the integration with the tool
+
+
+## How to authenticate to Netdata?
+
+### From Netdata Sign-up page
+
+If you're starting your flow from Netdata sign-in page you need to:
+1. Click on the link `Sign-in with an Enterprise Signle Sign-On (SSO)`
+2. Enter your email address 
+3. Go to your mailbox and check the `Sign In to Nedata` email that you have received
+4. Click on the **Sign In** button
+
+Note: If you're not authenticated on the Enterprise SSO tool you'll be prompted to authenticate there
+first before being allowed to proceed to Netdata Cloud.
--- a/integrations/cloud-authentication/integrations/okta_sso.md
+++ b/integrations/cloud-authentication/integrations/okta_sso.md
@ -3,7 +3,7 @@ custom_edit_url: "https://github.com/netdata/netdata/edit/master/integrations/cl
 meta_yaml: "https://github.com/netdata/netdata/edit/master/integrations/cloud-authentication/metadata.yaml"
 sidebar_label: "Okta SSO"
 learn_status: "Published"
-learn_rel_path: "Authentication"
+learn_rel_path: "Netdata Cloud/Authentication & Authorization/Cloud Authentication & Authorization Integrations"
 message: "DO NOT EDIT THIS FILE DIRECTLY, IT IS GENERATED BY THE AUTHENTICATION'S metadata.yaml FILE"
 endmeta-->

@ -44,4 +44,8 @@ Steps needed to be done on Okta Admin Portal:
    - **Client ID** you can get it from **General** tab on application you configured on Okta
    - **Client Secret** you can get it from **General** tab on application you configured on Okta

+### SP-initiated SSO
+
+If you start your authentication flow from Netdata sign-in page please check [these steps](https://github.com/netdata/netdata/blob/master/docs/netdata-cloud/enterprise-sso-authentication.md).
+

--- a/integrations/cloud-authentication/metadata.yaml
+++ b/integrations/cloud-authentication/metadata.yaml
@ -39,3 +39,7 @@
          - **Issuer URL** you can get it from your profile icon on top, e.g. `https://company-name.okta.com`
          - **Client ID** you can get it from **General** tab on application you configured on Okta
          - **Client Secret** you can get it from **General** tab on application you configured on Okta
+
+      ### SP-initiated SSO
+
+      If you start your authentication flow from Netdata sign-in page please check [these steps](https://github.com/netdata/netdata/blob/master/docs/netdata-cloud/enterprise-sso-authentication.md).
--- a/integrations/gen_docs_integrations.py
+++ b/integrations/gen_docs_integrations.py
@ -265,7 +265,7 @@ endmeta-->
 meta_yaml: "{meta_yaml}"
 sidebar_label: "{sidebar_label}"
 learn_status: "Published"
-learn_rel_path: "{learn_rel_path.replace("authentication", "Authentication")}"
+learn_rel_path: "{learn_rel_path.replace("authentication", "Netdata Cloud/Authentication & Authorization/Cloud Authentication & Authorization Integrations")}"
 message: "DO NOT EDIT THIS FILE DIRECTLY, IT IS GENERATED BY THE AUTHENTICATION'S metadata.yaml FILE"
 endmeta-->