diff --git a/docs/10-certificate-key/20-integration-guides/18-adfs/01-overview.mdx b/docs/10-certificate-key/20-integration-guides/18-adfs/01-overview.mdx index 7007d3d06..9034c510a 100644 --- a/docs/10-certificate-key/20-integration-guides/18-adfs/01-overview.mdx +++ b/docs/10-certificate-key/20-integration-guides/18-adfs/01-overview.mdx @@ -28,6 +28,7 @@ Integration consists of the following steps: |---|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------| | 1 | [Configure Keycloak](./configure-keycloak) | Configure AD FS as SAML 2.0 IdP for Keycloak, define attribute mappings and export SAML XML metadata for AD FS. | | 2 | [Configure AD FS](./configure-adfs) | Import SAML metadata from Keycloak, establish trust and define attribute mappings for CZERTAINLY. | +| 3 | [Configure CZERTAINLY](./configure-czertainly) | Optionaly configure automatic creation of users and roles. | ## Login using AD FS diff --git a/docs/10-certificate-key/20-integration-guides/18-adfs/35-configure-czertainly.mdx b/docs/10-certificate-key/20-integration-guides/18-adfs/35-configure-czertainly.mdx new file mode 100644 index 000000000..a0f2d9b26 --- /dev/null +++ b/docs/10-certificate-key/20-integration-guides/18-adfs/35-configure-czertainly.mdx @@ -0,0 +1,20 @@ +# Configure CZERTAINLY + +By default, users and roles that do not exist are rejected. + +When you are integrating with AD FS, or generally with an external IdM, it is +desirable to register new users automatically, make sure that IdM assign them +some role with permissions configured within CZERTAINLY. + +Automatic registration of new roles is also possible but without further +configuration of permissions, users only with those new roles will not have any +permissions within CZERTAINLY. + +To enable the automatic creation of new users, define in your `values.yaml` +following section: + +```yaml +authService: + createUnknownUsers: "true" + createUnknownRoles: "false" +``` \ No newline at end of file