Merge branch 'master' into code-samples-revisit

catalog/Dockerfile

@@ -1,4 +1,4 @@
-FROM nginx:1.24.0@sha256:4163ad4bfd95632013dca65ba9f4762b4c0200973703a3c5be48f37d3715a7d1
+FROM nginx:1.24.0@sha256:a8281ce42034b078dc7d88a5bfe6d25d75956aad9abba75150798b90fa3d1010
 MAINTAINER Quilt Data, Inc. [email protected]
 
 # Set up nginx

docs/Troubleshooting.md

@@ -84,42 +84,27 @@ after clicking the `RELOAD` button in the Quilt Catalog.
 1. Your Quilt user Role has been corrupted. You will need a Quilt Admin
 user to reset your Quilt user Role to a default (**and valid**) Role.
 
-If you accidentally broke the Role for your _only_ Quilt Admin user,
-then you (or your AWS Cloud Administrator) need to:
-
-1. Log in to your AWS account Console.
-1. Go to the CloudFormation service and select your Quilt stack.
-1. Click the `Update` button (top-right) to access the "Update stack" page
-1. In "Prerequisite - Prepare template" select "Use current template". Click "Next".
-1. In the "Specify stack details > Parameters > Administrator web credentials" section:
-    1. Change the `AdminUsername` field to a new value **that has never been used before**.
-    1. Change the `AdminEmail` field to a new email address **that
-    has never been used before**. It may be helpful to use the `+`
-    sign in the new email address, followed by any text - it will
-    successfully deliver to your inbox. For example, `sarah+admin@...`
-    will still be sent to `sarah@...`.
-    1. Click "Next".
-1. **(Optional & preferred)** In the "Configure stack options > Stack
-failure options" section, specify `Roll back all stack resources`.
-Click "Next".
-1. In the "Review <stack-name> > Change set preview" section, verify
-that any changes are not disruptive. For each resource the "Action"
-field value will be `Modify` and the "Logical ID" field value will
-be `Migration` for approximately four resources. Click the "Submit"
-button.
-
-After the deployment update is successfully completed, login to the
-Catalog with the new administrator credentials. Create other Admin
-users as needed.
-
-### Additional support
-To have your Quilt stack changeset reviewed by a Quilt support agent, or
-if you have further questions, please email [email protected]
-with the subject line "Quilt Admin user Role issue" and the body
-containing screenshots of the proposed changeset.
 
-## General stack update failure steps
+## User creation and log in
+Users can either be invited directly or are _just-in-time provisioned (JIP)_ when
+they sign in via SSO and receive the "default role."
+
+### Important conditions and pre-requisites
+* If an admin (or any user) is created with JIP SSO provisioning then
+setting the password for that user has no effect and _password login will never succeed_ 
+for that user. Said another way, users created through SSO can only log in through SSO.
+* You _must disable SSO_ and enable `PasswordAuth` if you wish to log in as an admin
+using a password (as opposed to SSO).
+
+### Changing the admin via CloudFormation
+If you need to change the admin (e.g. you have accidentally broken your admin user)
+try the following:
+1. Change the value of the `AdminEmail` CloudFormation parameter.
+1. Apply the change as a stack _Update_.
+1. Once the update is successful, the new admin can log in, set roles, and nominate
+other admins as needed.
 
+## General stack update failure steps
 On rare occasions, Quilt stack deployment updates might fail. This can happen for several
 reasons. To expedite resolution of stack deployment issues, it's helpful to 
 have the following data and output from the following [AWS CLI](https://aws.amazon.com/cli/)