Merge pull request #2450 from aiven/staceys-saml-doc-544

Update SAML IdP articles

.github/vale/dicts/aiven.dic

@@ -122,6 +122,7 @@ inodes
 Instana
 IdP
 IdPs
+IdP's
 io
 iops
 IPsec

.github/vale/styles/Aiven/capitalization_headings.yml

@@ -86,6 +86,7 @@ exceptions:
   - Loggly
   - Logtail
   - Microsoft Azure
+  - Microsoft Azure Active Directory
   - MirrorMaker
   - MongoDB
   - MySQL

_redirects

@@ -13,7 +13,6 @@
 /api                /docs/tools/api
 /cli                /docs/tools/cli.html
 /terraform          /docs/tools/terraform
-/community          https://aiven.io/community/
 
 # Renamed/deleted files
 /docs/products/flink/howto/real-time-alerting-solution-cli.html       /docs/products/flink/howto/real-time-alerting-solution.html
@@ -48,7 +47,7 @@
 /docs/products/clickhouse/howto/add-service-users                      /docs/products/clickhouse/howto/manage-users-roles
 /docs/products/clickhouse/howto/add-service-users.html                 /docs/products/clickhouse/howto/manage-users-roles.html
 /docs/products/clickhouse/sample-dataset.html                          /docs/products/clickhouse/howto/load-dataset.html
-/docs/products/flink/howto/create-job.html                             /docs/products/flink/howto/create-job/create-flink-applications.html
+/docs/products/flink/howto/create-job.html                             /docs/products/flink/howto/create-job/create-flink-applications.html 
 /docs/products/flink/concepts/flink-for-analysts.html                  /docs/products/flink/list-overview.html
 /docs/products/flink/concepts/flink-for-operators.html                 /docs/products/flink/list-overview.html
 /docs/products/flink/howto/real-time-alerting-solution                 /docs/tutorials/anomaly-detection
@@ -59,18 +58,20 @@
 /docs/platform/concepts/byoa.html                                      /docs/platform/concepts/byoc.html
 /docs/products/opensearch/howto/list-upgrade                           /docs/products/opensearch/howto
 /docs/products/opensearch/howto/upgrade-to-opensearch                  /docs/products/opensearch/concepts/opensearch-vs-elasticsearch
-/docs/tutorials                                                        /docs/integrations
-/docs/platform/howto/list-support                                      /docs/platform/howto/project-support-center
-/docs/platform/howto/change-support-tier                               /docs/platform/howto/project-support-center
-/docs/platform/concepts/service-level-agreement                        /docs/platform/howto/project-support-center
-/docs/products/postgresql/reference/list-of-advanced-params            /docs/products/postgresql/reference/advanced-params
-/docs/products/kafka/reference/kstream-data-write-issue                https://aiven.io/changelog#06-12-2023
-/docs/tools/api/examples                                               /docs/tools/api
+/docs.aiven.io/docs/platform/howto/list-saml                           /docs.aiven.io/docs/platform/howto/list-identity-providers
+/docs/platform/howto/saml/saml-authentication                          /docs/platform/howto/saml/add-identity-providers
+/docs/platform/howto/saml/setup-saml-auth0                             /docs/platform/howto/saml/add-auth0-idp
+/docs/platform/howto/saml/setup-saml-azure                             /docs/platform/howto/saml/add-azure-idp
+/docs/platform/howto/saml/setup-saml-fusionauth                        /docs/platform/howto/saml/add-fusionauth-idp
+/docs/platform/howto/saml/setup-saml-google                            /docs/platform/howto/saml/add-google-idp
+/docs/platform/howto/saml/setup-saml-jumpcloud                         /docs/platform/howto/saml/add-jumpcloud-idp
+/docs/platform/howto/saml/setup-saml-okta                              /docs/platform/howto/saml/add-okta-idp
+/docs/platform/howto/saml/setup-saml-onelogin                          /docs/platform/howto/saml/add-onelogin-idp
 
 
-# Moved to https://aiven.io/developer
+# Moved to https://aiven.io/developer 
 /docs/tools/terraform/reference/cookbook                                        https://aiven.io/developer/terraform
-/docs/tools/terraform/reference/cookbook.html                                   https://aiven.io/developer/terraform
+/docs/tools/terraform/reference/cookbook.html                                   https://aiven.io/developer/terraform 
 /docs/tools/terraform/reference/cookbook/kafka-connect-terraform-recipe         https://aiven.io/developer/apache-kafka-to-opensearch-terraform
 /docs/tools/terraform/reference/cookbook/multicloud-postgresql-recipe           https://aiven.io/developer/multicloud-postgresql-terraform
 /docs/tools/terraform/reference/cookbook/kafka-flink-integration-recipe         https://aiven.io/developer/kafka-source-sink-flink-integration
@@ -81,31 +82,13 @@
 /docs/tools/terraform/reference/cookbook/kafka-mongodb-recipe                   https://aiven.io/developer/apache-kafka-with-mongodb
 /docs/tools/terraform/reference/cookbook/kafka-debezium-postgres-source         https://aiven.io/developer/debezium-source-postgresql-kafka-across-clouds
 /docs/tools/terraform/reference/cookbook/kafka-topics-http-connector-recipe     https://aiven.io/developer/kafka-with-http-sink
-/docs/tools/terraform/reference/cookbook/kafka-custom-conf-recipe               https://aiven.io/developer/apache-kafka-with-custom-configurations
+/docs/tools/terraform/reference/cookbook/kafka-custom-conf-recipe                https://aiven.io/developer/apache-kafka-with-custom-configurations
 /docs/tools/terraform/reference/cookbook/m3db-m3agg-recipe                      https://aiven.io/developer/m3-aggregator-integration
 /docs/tools/terraform/reference/cookbook/postgresql-read-replica-recipe         https://aiven.io/developer/postgresql-read-only-terraform
 /docs/tools/terraform/reference/cookbook/clickhouse-access-setup-recipe         https://aiven.io/developer/manage-user-privileges-clickhouse-terraform
 /docs/products/clickhouse/howto/configure-access-terraform-deployed             https://aiven.io/developer/manage-user-privileges-clickhouse-terraform
 /docs/tools/terraform/reference/cookbook/kafka-clickhouse-integration-recipe    https://aiven.io/developer/kafka-source-for-clickhouse
-/docs/tools/terraform/reference/cookbook/postgres-clickhouse-integration-recipe https://aiven.io/developer/postgresql-source-for-clickhouse
-/docs/community/challenge/catch-the-bus                                         https://aiven.io/community/
-/docs/community/challenge/the-rolling-challenge                                 https://aiven.io/community/
-/docs/tools/cli/account/account-authentication-method                           /docs/tools/cli/account
-/docs/tools/cli/card                                                            /docs/tools/cli/account
-
-
-/docs/tools/api/examples                                                        /docs/tools/api
-/docs/products/postgresql/getting-started                                       /docs/products/postgresql/get-started
-/docs/products/m3db/getting-started                                             /docs/products/m3db/get-started
-/docs/products/flink/getting-started                                            /docs/products/flink/get-started
-/docs/products/kafka/getting-started                                            /docs/products/kafka/get-started
-/docs/products/clickhouse/getting-started                                       /docs/products/clickhouse/get-started
-/docs/products/opensearch/getting-started                                       /docs/products/opensearch/get-started
-/docs/products/kafka/karapace/getting-started                                   /docs/products/kafka/karapace/get-started
-/docs/products/kafka/kafka-connect/getting-started                              /docs/products/kafka/kafka-connect/get-started
-/docs/products/opensearch/dashboards/getting-started                            /docs/products/opensearch/dashboards/get-started
-/docs/products/kafka/kafka-mirrormaker/getting-started                          /docs/products/kafka/kafka-mirrormaker/get-started
-
+/docs/tools/terraform/reference/cookbook/postgres-clickhouse-integration-recipe     https://aiven.io/developer/postgresql-source-for-clickhouse
 
 # Redirect from .index.html to specific page names for landing
 

_toc.yml

@@ -88,17 +88,17 @@ entries:
         title: Set authentication policies
       - file: docs/platform/concepts/authentication-tokens
       - file: docs/platform/howto/create_authentication_token
-      - file: docs/platform/howto/list-saml
-        title: SAML authentication
-        entries:
-        - file: docs/platform/howto/saml/saml-authentication
-        - file: docs/platform/howto/saml/setup-saml-auth0
-        - file: docs/platform/howto/saml/setup-saml-azure
-        - file: docs/platform/howto/saml/setup-saml-fusionauth
-        - file: docs/platform/howto/saml/setup-saml-jumpcloud
-        - file: docs/platform/howto/saml/setup-saml-okta
-        - file: docs/platform/howto/saml/setup-saml-onelogin
-        - file: docs/platform/howto/saml/setup-saml-google
+    - file: docs/platform/howto/list-identity-providers
+      title: Identity providers
+      entries:
+      - file: docs/platform/howto/saml/add-identity-providers
+      - file: docs/platform/howto/saml/add-auth0-idp
+      - file: docs/platform/howto/saml/add-azure-idp
+      - file: docs/platform/howto/saml/add-fusionauth-idp
+      - file: docs/platform/howto/saml/add-jumpcloud-idp
+      - file: docs/platform/howto/saml/add-okta-idp
+      - file: docs/platform/howto/saml/add-onelogin-idp
+      - file: docs/platform/howto/saml/add-google-idp
     - file: docs/platform/howto/list-groups
       entries:
       - file: docs/platform/howto/manage-groups

docs/platform/howto/list-identity-providers.rst

@@ -0,0 +1,6 @@
+Identity providers
+===================
+
+Give your organization users access to Aiven through SAML-based single sign-on with your preferred identity provider.
+
+.. tableofcontents::

docs/platform/howto/saml/add-auth0-idp.rst

@@ -0,0 +1,62 @@
+Add Auth0 as an identity provider
+=================================
+
+Use `Auth0 <https://auth0.com/>`_ to give your organization users single sign-on (SSO) access to Aiven. 
+
+
+Prerequisite steps in Aiven Console
+------------------------------------
+
+Add Auth0 as an :ref:`identity provider <add-idp-aiven-console>` in the Console. 
+
+
+.. _configure-saml-auth0:
+
+Configure SAML on Auth0
+------------------------
+
+1. Log in to `your Auth0 account <https://manage.auth0.com>`_.
+
+2. Select **Applications**.
+
+3. Click **Create Application**. 
+
+4. Enter an application name.
+
+5. Choose **Regular Web Applications** and click **Create**. 
+
+6. After your application is created, go to the **Addons** tab.
+
+7. Enable the **SAML 2 WEB APP** option.
+
+8. Click on the **SAML 2 WEB APP** option. The **Settings** tab opens.
+
+9. Set the ``Application Callback URL`` to the ``ACS URL`` from the Aiven Console.
+
+10. In the **Settings** section for the Application Callback URL, remove the existing configuration and add the following field mapping configuration:
+
+.. code-block:: shell
+
+  {
+    "email": "email",
+    "first_name": "first_name",
+    "identity": "email",
+    "last_name": "last_name",
+    "mapUnknownClaimsAsIs": true
+  }
+
+11. Click **Enable** and **Save**.
+
+12. On the **Usage** tab, make a note of the ``Identity Provider Login URL``,  ``Issuer URN``, and ``Identity Provider Certificate``. These are needed for the SAML configuration in Aiven Console.
+
+
+Finish the configuration in Aiven
+----------------------------------
+
+Go back to the Aiven Console to :ref:`configure the IdP <configure-idp-aiven-console>` and complete the setup.
+
+
+Troubleshooting
+---------------
+
+If you have issues, you can use the `SAML Tracer browser extension <https://addons.mozilla.org/firefox/addon/saml-tracer/>`_ to check the process step by step. 

docs/platform/howto/saml/add-azure-idp.rst

@@ -0,0 +1,116 @@
+Add Microsoft Azure Active Directory as an identity provider 
+=============================================================
+
+Use `Microsoft Azure Active Directory (AD) <https://azure.microsoft.com/en-us/products/active-directory/>`_ to give your organization users single sign-on (SSO) access to Aiven. 
+
+
+Prerequisite steps in Aiven Console
+------------------------------------
+
+Add Azure as an :ref:`identity provider <add-idp-aiven-console>` in the Console. 
+
+
+.. _configure-saml-azure:
+
+Configure SAML on Microsoft Azure
+----------------------------------
+
+First, you set up the application on Azure. Then, you add a claim and users.
+
+
+Set up an Azure application
+""""""""""""""""""""""""""""
+
+1. Log in to `Microsoft Azure <https://portal.azure.com/>`_.
+
+2. Got to **Enterprise applications**.
+
+3. Select **All applications**.
+
+4. Click **New application**.
+
+5. Select the **Add from the gallery** search bar and use the **Azure AD SAML Toolkit**.
+
+6. Click **Add**.
+
+7. Go back to the **Enterprise applications** list.
+
+   .. note::
+
+    The newly created application might not be visible yet. You can use the **All applications** filter to see the new application.  
+
+8. Click on the name of the new application. The configuration opens.
+
+9. Select **Single sign-on** configuration.
+
+10. Select **SAML** as the single sign-on method.
+
+11. Add the following parameters to the **Basic SAML Configuration**:
+
+.. list-table::
+      :header-rows: 1
+      :align: left
+
+      * - Parameter
+        - Value
+      * - ``Identifier (Entity ID)``
+        - ``https://api.aiven.io/v1/sso/saml/account/{account_id}/method/{account_authentication_method_id}/metadata``
+      * - ``Reply URL (Assertion Consumer Service URL)``
+        - ``https://api.aiven.io/v1/sso/saml/account/{account_id}/method/{account_authentication_method_id}/acs``
+      * - ``Sign on URL``
+        - ``https://console.aiven.io``
+
+
+12. Click **Save**.
+
+Create a claim and add users
+""""""""""""""""""""""""""""
+
+1. In the **User Attributes & Claims**, click **Add a new claim**.
+
+2. Create an attribute with the following data:
+
+.. list-table::
+      :header-rows: 1
+      :align: left
+
+      * - Parameter
+        - Value
+      * - ``Name``
+        - ``email``
+      * - ``Source``
+        - ``Attribute``
+      * - ``Source Attribute``
+        - ``user.mail``
+
+3. Download the **Certificate (Base64)** from the **SAML Signing Certificate** section.
+
+4. Go to **Users and groups** and click **Add user**. 
+
+5. Select the users that you want to use Azure AD to log in to Aiven. 
+
+6. Click **Assign**.
+
+
+Finish the configuration in Aiven
+----------------------------------
+
+Go back to the Aiven Console to :ref:`configure the IdP <configure-idp-aiven-console>` and complete the setup.
+
+
+Troubleshooting
+---------------
+
+If you get an error message suggesting you contact your administrator, try these steps: 
+
+#. Go to the Microsoft Azure AD user profile for the users.
+
+#. In **Contact Info**, check whether the **Email** field is blank.
+
+If it is blank, there are two possible solutions:
+
+* In **User Principal Name**, if the **Identity** field is an email address, try changing the **User Attributes & Claims** to ``email = user.userprincipalname``. 
+
+* In **Contact Info**, if none of the **Alternate email** fields are blank, try changing the **User Attributes & Claims** to ``email = user.othermail``. 
+
+If you still have login issues, you can use the `SAML Tracer browser extension <https://addons.mozilla.org/firefox/addon/saml-tracer/>`_ to check the process step by step. If this doesn't work, get in touch with our support team at [email protected].