add info about registering new users

CZERTAINLY · Nov 6, 2024 · de08768 · de08768
1 parent 95da2e3
commit de08768
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/docs/10-certificate-key/20-integration-guides/18-adfs/01-overview.mdx b/docs/10-certificate-key/20-integration-guides/18-adfs/01-overview.mdx
@@ -28,6 +28,7 @@ Integration consists of the following steps:
 |---|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------|
 | 1 | [Configure Keycloak](./configure-keycloak) | Configure AD FS as SAML 2.0 IdP for Keycloak, define attribute mappings and export SAML XML metadata for AD FS. |
 | 2 | [Configure AD FS](./configure-adfs)        | Import SAML metadata from Keycloak, establish trust and define attribute mappings for CZERTAINLY.               |
+| 3 | [Configure CZERTAINLY](./configure-czertainly) | Optionaly configure automatic creation of users and roles.                                                  |
 
 ## Login using AD FS
 

diff --git a/docs/10-certificate-key/20-integration-guides/18-adfs/35-configure-czertainly.mdx b/docs/10-certificate-key/20-integration-guides/18-adfs/35-configure-czertainly.mdx
@@ -0,0 +1,20 @@
+# Configure CZERTAINLY
+
+By default, users and roles that do not exist are rejected.
+
+When you are integrating with AD FS, or generally with an external IdM, it is
+desirable to register new users automatically, make sure that IdM assign them
+some role with permissions configured within CZERTAINLY.
+
+Automatic registration of new roles is also possible but without further
+configuration of permissions, users only with those new roles will not have any
+permissions within CZERTAINLY.
+
+To enable the automatic creation of new users, define in your `values.yaml`
+following section:
+
+```yaml
+authService:
+  createUnknownUsers: "true"
+  createUnknownRoles: "false"
+```