diff --git a/docs/howto/configure/auth-management.md b/docs/howto/configure/auth-management.md index 3c92a79057..0d7f862dfd 100644 --- a/docs/howto/configure/auth-management.md +++ b/docs/howto/configure/auth-management.md @@ -186,6 +186,18 @@ There are also some steps that a Community Representative will need to take to s When authenticating against a GitHub Team, we are required to use the `read:org` scope as the GitHub OAuth App needs to know which teams belong to the organisation as well as the members of the specified team. ``` + + ````{note} + Allowing access to a specific GitHub team, let's say `ORG_NAME:TEAM_NAME`, doesn't mean that the users that are only members of the TEAM_NAME sub-teams, e.g. ORG_NAME:TEAM_NAME:SUB_TEAM_NAME`, will get access too. + + Instead, each sub-team must be explicitly added to the `allowed_organizations` list: + ```yaml + allowed_organizations: + - ORG_NAME:TEAM_NAME + - ORG_NAME:SUB_TEAM_NAME + ``` + + ```` 6. Run the deployer as normal to apply the config.