From 3b9c7bb80e1bdf9f5f587f636365ba7b79a61add Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 15 Sep 2023 15:06:46 +0200 Subject: [PATCH] Add docs for managed users --- _toc.yml | 3 ++- docs/platform/concepts/managed-users.rst | 10 ++++++++++ docs/platform/howto/managed-users.rst | 10 ---------- .../howto/set-authentication-policies.rst | 15 +++++++++++---- 4 files changed, 23 insertions(+), 15 deletions(-) create mode 100644 docs/platform/concepts/managed-users.rst delete mode 100644 docs/platform/howto/managed-users.rst diff --git a/_toc.yml b/_toc.yml index 95943fce77..366d7c8b49 100644 --- a/_toc.yml +++ b/_toc.yml @@ -67,9 +67,9 @@ entries: - file: docs/platform/howto/list-user title: User and access management entries: - - file: docs/platform/howto/managed-users - file: docs/platform/howto/manage-org-users title: Invite and remove organization users + - file: docs/platform/concepts/managed-users - file: docs/platform/howto/list-user-profile entries: - file: docs/platform/howto/edit-user-profile @@ -80,6 +80,7 @@ entries: - file: docs/platform/reference/password-policy - file: docs/platform/howto/user-2fa - file: docs/platform/howto/set-authentication-policies + title: Set authentication policies - file: docs/platform/concepts/authentication-tokens - file: docs/platform/howto/create_authentication_token - file: docs/platform/howto/list-saml diff --git a/docs/platform/concepts/managed-users.rst b/docs/platform/concepts/managed-users.rst new file mode 100644 index 0000000000..ab8a934055 --- /dev/null +++ b/docs/platform/concepts/managed-users.rst @@ -0,0 +1,10 @@ +Managed users +============== + +The managed users feature provides a centralized way of managing all of your organization's users, including editing their profiles, resetting passwords, and :doc:`setting authentication policies `. + +When you :doc:`verify a domain `, existing organization users automatically become managed users. New users can be provisioned and managed through your identity provider (IdP). + +A managed user cannot create new organizations unless they are a super admin of the organization that they are managed by. They are also not allowed to edit their user profiles. + +To see a list of all users in your organization go to **Admin** and select **Users**. \ No newline at end of file diff --git a/docs/platform/howto/managed-users.rst b/docs/platform/howto/managed-users.rst deleted file mode 100644 index 18bb571ab7..0000000000 --- a/docs/platform/howto/managed-users.rst +++ /dev/null @@ -1,10 +0,0 @@ -Managed users -============== - -Managed users provides a centralized way of managing all of your organization's users, including editing their profiles, resetting passwords, and :doc:`setting authentication policies `. - -When you :doc:`verify a domain `, your organization users automatically become managed users. These users are managed through your identitiy provider (IdP), meaning they are provisioned through the IdP. - -Managed users are not allowed to edit their user profiles. They cannot create new organizations unless they are the owner of the organization that they are managed by. - -To see a list of all users in your organization go to **Admin** and select **Users**. \ No newline at end of file diff --git a/docs/platform/howto/set-authentication-policies.rst b/docs/platform/howto/set-authentication-policies.rst index a3b73ddcec..44706474fd 100644 --- a/docs/platform/howto/set-authentication-policies.rst +++ b/docs/platform/howto/set-authentication-policies.rst @@ -1,16 +1,23 @@ -Set authentication policies for managed users -============================================== +Set authentication policies for organization users +=================================================== +The authentication policy for your organization specifies the ways that users can access your organization on the Aiven platform. + +You can, for example, restrict organization users to using single sign-on through a :doc:`verified domain `. Alternatively, you can allow them to create a password or use third-party authentication providers like Google, Microsoft, and GitHub. For an added layer of security, you can enforce two-factor authentication for password logins. + +:doc:`Managed users ` cannot log in with disabled authentication methods. Users that are not managed can log in with disabled methods, but they won't have access to the organization if they do. Set an authentication policy ------------------------------ To set an authentication policy for all users in an organization: -#. Click **Admin**. +#. In the organization, click **Admin**. #. Click **Authentication**. -#. +#. Click the toggle for each authentication method that you want to allow. + +#. Click **Save changes**.