From 161ac5e097f56658230b48910194a200272d8b8e Mon Sep 17 00:00:00 2001 From: Scott Wilson Date: Fri, 1 Nov 2024 10:38:57 -0700 Subject: [PATCH] docs: oidc added to default org description and improve oidc/smal info/tips --- .../platform/admin-panel/server-admin.mdx | 2 +- .../documentation/platform/sso/auth0-oidc.mdx | 13 +++++++++--- docs/documentation/platform/sso/azure.mdx | 18 ++++++++++++----- .../platform/sso/general-oidc.mdx | 20 +++++++++++++------ .../platform/sso/google-saml.mdx | 19 ++++++++++++------ docs/documentation/platform/sso/jumpcloud.mdx | 18 ++++++++++++----- .../platform/sso/keycloak-oidc.mdx | 13 +++++++++--- .../platform/sso/keycloak-saml.mdx | 18 ++++++++++++----- docs/documentation/platform/sso/okta.mdx | 19 ++++++++++++------ 9 files changed, 100 insertions(+), 40 deletions(-) diff --git a/docs/documentation/platform/admin-panel/server-admin.mdx b/docs/documentation/platform/admin-panel/server-admin.mdx index 355679f82e..ddcf448a60 100644 --- a/docs/documentation/platform/admin-panel/server-admin.mdx +++ b/docs/documentation/platform/admin-panel/server-admin.mdx @@ -33,7 +33,7 @@ Signup can be restricted to users matching one or more email domains, such as yo ### Default Organization -If you're using SAML/LDAP for only one organization on your instance, you can specify a default organization to use at login to skip requiring users to manually enter the organization slug. +If you're using SAML/LDAP/OIDC for only one organization on your instance, you can specify a default organization to use at login to skip requiring users to manually enter the organization slug. ### Trust Emails diff --git a/docs/documentation/platform/sso/auth0-oidc.mdx b/docs/documentation/platform/sso/auth0-oidc.mdx index 331eecdf10..9419d0976b 100644 --- a/docs/documentation/platform/sso/auth0-oidc.mdx +++ b/docs/documentation/platform/sso/auth0-oidc.mdx 
@@ -69,11 +69,18 @@ description: "Learn how to configure Auth0 OIDC for Infisical SSO." + + If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite OIDC login. + + If you're configuring OIDC SSO on a self-hosted instance of Infisical, make sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to - work: - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This + work: +
+ - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 - 32`. - `SITE_URL`: The URL of your self-hosted instance of Infisical - should - be an absolute URL including the protocol (e.g. https://app.infisical.com) + 32`. +
+ - `SITE_URL`: The absolute URL of your self-hosted instance of Infisical including the protocol (e.g. https://app.infisical.com) diff --git a/docs/documentation/platform/sso/azure.mdx b/docs/documentation/platform/sso/azure.mdx index e69d3169ac..185d5fcfb0 100644 --- a/docs/documentation/platform/sso/azure.mdx +++ b/docs/documentation/platform/sso/azure.mdx @@ -109,12 +109,20 @@ description: "Learn how to configure Microsoft Entra ID for Infisical SSO." + + If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite SAML login. + + - If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to - set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work: - - - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`. - - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com) + If you're configuring SAML SSO on a self-hosted instance of Infisical, make + sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to + work: +
+ - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This + can be a random 32-byte base64 string generated with `openssl rand -base64 + 32`. +
+ - `SITE_URL`: The absolute URL of your self-hosted instance of Infisical including the protocol (e.g. https://app.infisical.com) diff --git a/docs/documentation/platform/sso/general-oidc.mdx b/docs/documentation/platform/sso/general-oidc.mdx index b32bea8e56..7e3a76ff00 100644 --- a/docs/documentation/platform/sso/general-oidc.mdx +++ b/docs/documentation/platform/sso/general-oidc.mdx @@ -20,11 +20,11 @@ Prerequisites: 1.1. Register your application with the IdP to obtain a **Client ID** and **Client Secret**. These credentials are used by Infisical to authenticate with your IdP. - + 1.2. Configure **Redirect URL** to be `https://app.infisical.com/api/v1/sso/oidc/callback`. If you're self-hosting Infisical, replace the domain with your own. - + 1.3. Configure the scopes needed by Infisical (email, profile, openid) and ensure that they are mapped to the ID token claims. - + 1.4. Access the IdP’s OIDC discovery document (usually located at `https:///.well-known/openid-configuration`). This document contains important endpoints such as authorization, token, userinfo, and keys. @@ -70,11 +70,19 @@ Prerequisites: + + If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite OIDC login. + + + If you're configuring OIDC SSO on a self-hosted instance of Infisical, make sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to - work: - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This + work: +
+ - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 - 32`. - `SITE_URL`: The URL of your self-hosted instance of Infisical - should - be an absolute URL including the protocol (e.g. https://app.infisical.com) + 32`. +
+ - `SITE_URL`: The absolute URL of your self-hosted instance of Infisical including the protocol (e.g. https://app.infisical.com) diff --git a/docs/documentation/platform/sso/google-saml.mdx b/docs/documentation/platform/sso/google-saml.mdx index da34e076a1..4f31bffb1f 100644 --- a/docs/documentation/platform/sso/google-saml.mdx +++ b/docs/documentation/platform/sso/google-saml.mdx @@ -85,13 +85,20 @@ description: "Learn how to configure Google SAML for Infisical SSO." + + If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite SAML login. + + - If you're configuring SAML SSO on a self-hosted instance of Infisical, make - sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to - work: - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This - can be a random 32-byte base64 string generated with `openssl rand -base64 - 32`. - `SITE_URL`: The URL of your self-hosted instance of Infisical - should - be an absolute URL including the protocol (e.g. https://app.infisical.com) + If you're configuring SAML SSO on a self-hosted instance of Infisical, make + sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to + work: +
+ - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This + can be a random 32-byte base64 string generated with `openssl rand -base64 + 32`. +
+ - `SITE_URL`: The absolute URL of your self-hosted instance of Infisical including the protocol (e.g. https://app.infisical.com) References: diff --git a/docs/documentation/platform/sso/jumpcloud.mdx b/docs/documentation/platform/sso/jumpcloud.mdx index 781f5224a7..ce89b8e0dd 100644 --- a/docs/documentation/platform/sso/jumpcloud.mdx +++ b/docs/documentation/platform/sso/jumpcloud.mdx @@ -89,10 +89,18 @@ description: "Learn how to configure JumpCloud SAML for Infisical SSO." + + If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite SAML login. + + - If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to - set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work: - - - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`. - - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com) + If you're configuring SAML SSO on a self-hosted instance of Infisical, make + sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to + work: +
+ - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This + can be a random 32-byte base64 string generated with `openssl rand -base64 + 32`. +
+ - `SITE_URL`: The absolute URL of your self-hosted instance of Infisical including the protocol (e.g. https://app.infisical.com) diff --git a/docs/documentation/platform/sso/keycloak-oidc.mdx b/docs/documentation/platform/sso/keycloak-oidc.mdx index d8bb8d3065..cb774a014b 100644 --- a/docs/documentation/platform/sso/keycloak-oidc.mdx +++ b/docs/documentation/platform/sso/keycloak-oidc.mdx @@ -95,11 +95,18 @@ description: "Learn how to configure Keycloak OIDC for Infisical SSO." + + If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite OIDC login. + + If you're configuring OIDC SSO on a self-hosted instance of Infisical, make sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to - work: - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This + work: +
+ - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 - 32`. - `SITE_URL`: The URL of your self-hosted instance of Infisical - should - be an absolute URL including the protocol (e.g. https://app.infisical.com) + 32`. +
+ - `SITE_URL`: The absolute URL of your self-hosted instance of Infisical including the protocol (e.g. https://app.infisical.com) diff --git a/docs/documentation/platform/sso/keycloak-saml.mdx b/docs/documentation/platform/sso/keycloak-saml.mdx index 9817397117..53f47f1ae0 100644 --- a/docs/documentation/platform/sso/keycloak-saml.mdx +++ b/docs/documentation/platform/sso/keycloak-saml.mdx @@ -130,10 +130,18 @@ description: "Learn how to configure Keycloak SAML for Infisical SSO." + + If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite SAML login. + + - If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to - set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work: - - - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`. - - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com) + If you're configuring SAML SSO on a self-hosted instance of Infisical, make + sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to + work: +
+ - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This + can be a random 32-byte base64 string generated with `openssl rand -base64 + 32`. +
+ - `SITE_URL`: The absolute URL of your self-hosted instance of Infisical including the protocol (e.g. https://app.infisical.com) \ No newline at end of file diff --git a/docs/documentation/platform/sso/okta.mdx b/docs/documentation/platform/sso/okta.mdx index b0ac046d03..9a1d4aa2f6 100644 --- a/docs/documentation/platform/sso/okta.mdx +++ b/docs/documentation/platform/sso/okta.mdx @@ -98,11 +98,18 @@ description: "Learn how to configure Okta SAML 2.0 for Infisical SSO." + + If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite SAML login. + + - If you're configuring SAML SSO on a self-hosted instance of Infisical, make - sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to - work: - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This - can be a random 32-byte base64 string generated with `openssl rand -base64 - 32`. - `SITE_URL`: The URL of your self-hosted instance of Infisical - should - be an absolute URL including the protocol (e.g. https://app.infisical.com) + If you're configuring SAML SSO on a self-hosted instance of Infisical, make + sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to + work: +
+ - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This + can be a random 32-byte base64 string generated with `openssl rand -base64 + 32`. +
+ - `SITE_URL`: The absolute URL of your self-hosted instance of Infisical including the protocol (e.g. https://app.infisical.com)
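Review bot: In the auth0-oidc.mdx hunk (@@ -69,11 +69,18 @@), the sentence the new bullets hang from still reads "set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work", singular "variable" for two names. The patch already rewrites or re-wraps this sentence in every SSO page it touches, so change it to "environment variables" here and in the seven other files in the same pass.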
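Review bot: In the azure.mdx hunk (@@ -109,12 +109,20 @@), the re-wrapped `AUTH_SECRET` bullet breaks the inline command across two source lines ("`openssl rand -base64" on one line and "32`." on the next), where the removed line kept `openssl rand -base64 32` intact. Keep the whole code span on one line so the command can be copied from the source and cannot be mangled by a later re-wrap; the same split is introduced in jumpcloud.mdx and keycloak-saml.mdx and already exists in the OIDC pages.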
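Review bot: The keycloak-saml.mdx hunk (@@ -130,10 +130,18 @@) ends with a "\ No newline at end of file" marker, so the file is still left without a trailing newline after this change. Since the last lines of the file are being edited anyway, add the final newline here to keep later diffs against this file clean.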
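Review bot: With the okta.mdx hunk (@@ -98,11 +98,18 @@), the default-organization note and the `AUTH_SECRET`/`SITE_URL` block now exist as eight hand-maintained copies that differ only in the word "OIDC" or "SAML". This patch exists partly because those copies had drifted in wrapping and wording; if the docs tooling supports a shared include, move both blocks into one and parameterise the protocol name. While editing the `AUTH_SECRET` text, which describes it as the key "used for signing and verifying JWT", consider stating that the value should be generated per instance and kept out of version control.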