From 0e666c3253ebdf7e4c4f7a087114fba227263581 Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Thu, 14 Sep 2023 14:59:10 +0200 Subject: [PATCH 1/5] Add docs for managed users feature --- _toc.yml | 3 +++ docs/platform/howto/managed-users.rst | 10 ++++++++++ .../howto/set-authentication-policies.rst | 16 ++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 docs/platform/howto/managed-users.rst create mode 100644 docs/platform/howto/set-authentication-policies.rst diff --git a/_toc.yml b/_toc.yml index c828787b35..95943fce77 100644 --- a/_toc.yml +++ b/_toc.yml @@ -67,7 +67,9 @@ entries: - file: docs/platform/howto/list-user title: User and access management entries: + - file: docs/platform/howto/managed-users - file: docs/platform/howto/manage-org-users + title: Invite and remove organization users - file: docs/platform/howto/list-user-profile entries: - file: docs/platform/howto/edit-user-profile @@ -77,6 +79,7 @@ entries: - file: docs/platform/howto/add-authentication-method - file: docs/platform/reference/password-policy - file: docs/platform/howto/user-2fa + - file: docs/platform/howto/set-authentication-policies - file: docs/platform/concepts/authentication-tokens - file: docs/platform/howto/create_authentication_token - file: docs/platform/howto/list-saml diff --git a/docs/platform/howto/managed-users.rst b/docs/platform/howto/managed-users.rst new file mode 100644 index 0000000000..18bb571ab7 --- /dev/null +++ b/docs/platform/howto/managed-users.rst @@ -0,0 +1,10 @@ +Managed users +============== + +Managed users provides a centralized way of managing all of your organization's users, including editing their profiles, resetting passwords, and :doc:`setting authentication policies `. + +When you :doc:`verify a domain `, your organization users automatically become managed users. These users are managed through your identitiy provider (IdP), meaning they are provisioned through the IdP. + +Managed users are not allowed to edit their user profiles. They cannot create new organizations unless they are the owner of the organization that they are managed by. + +To see a list of all users in your organization go to **Admin** and select **Users**. \ No newline at end of file diff --git a/docs/platform/howto/set-authentication-policies.rst b/docs/platform/howto/set-authentication-policies.rst new file mode 100644 index 0000000000..a3b73ddcec --- /dev/null +++ b/docs/platform/howto/set-authentication-policies.rst @@ -0,0 +1,16 @@ +Set authentication policies for managed users +============================================== + + +Set an authentication policy +------------------------------ + +To set an authentication policy for all users in an organization: + +#. Click **Admin**. + +#. Click **Authentication**. + +#. + + From 3b9c7bb80e1bdf9f5f587f636365ba7b79a61add Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 15 Sep 2023 15:06:46 +0200 Subject: [PATCH 2/5] Add docs for managed users --- _toc.yml | 3 ++- docs/platform/concepts/managed-users.rst | 10 ++++++++++ docs/platform/howto/managed-users.rst | 10 ---------- .../howto/set-authentication-policies.rst | 15 +++++++++++---- 4 files changed, 23 insertions(+), 15 deletions(-) create mode 100644 docs/platform/concepts/managed-users.rst delete mode 100644 docs/platform/howto/managed-users.rst diff --git a/_toc.yml b/_toc.yml index 95943fce77..366d7c8b49 100644 --- a/_toc.yml +++ b/_toc.yml @@ -67,9 +67,9 @@ entries: - file: docs/platform/howto/list-user title: User and access management entries: - - file: docs/platform/howto/managed-users - file: docs/platform/howto/manage-org-users title: Invite and remove organization users + - file: docs/platform/concepts/managed-users - file: docs/platform/howto/list-user-profile entries: - file: docs/platform/howto/edit-user-profile @@ -80,6 +80,7 @@ entries: - file: docs/platform/reference/password-policy - file: docs/platform/howto/user-2fa - file: docs/platform/howto/set-authentication-policies + title: Set authentication policies - file: docs/platform/concepts/authentication-tokens - file: docs/platform/howto/create_authentication_token - file: docs/platform/howto/list-saml diff --git a/docs/platform/concepts/managed-users.rst b/docs/platform/concepts/managed-users.rst new file mode 100644 index 0000000000..ab8a934055 --- /dev/null +++ b/docs/platform/concepts/managed-users.rst @@ -0,0 +1,10 @@ +Managed users +============== + +The managed users feature provides a centralized way of managing all of your organization's users, including editing their profiles, resetting passwords, and :doc:`setting authentication policies `. + +When you :doc:`verify a domain `, existing organization users automatically become managed users. New users can be provisioned and managed through your identity provider (IdP). + +A managed user cannot create new organizations unless they are a super admin of the organization that they are managed by. They are also not allowed to edit their user profiles. + +To see a list of all users in your organization go to **Admin** and select **Users**. \ No newline at end of file diff --git a/docs/platform/howto/managed-users.rst b/docs/platform/howto/managed-users.rst deleted file mode 100644 index 18bb571ab7..0000000000 --- a/docs/platform/howto/managed-users.rst +++ /dev/null @@ -1,10 +0,0 @@ -Managed users -============== - -Managed users provides a centralized way of managing all of your organization's users, including editing their profiles, resetting passwords, and :doc:`setting authentication policies `. - -When you :doc:`verify a domain `, your organization users automatically become managed users. These users are managed through your identitiy provider (IdP), meaning they are provisioned through the IdP. - -Managed users are not allowed to edit their user profiles. They cannot create new organizations unless they are the owner of the organization that they are managed by. - -To see a list of all users in your organization go to **Admin** and select **Users**. \ No newline at end of file diff --git a/docs/platform/howto/set-authentication-policies.rst b/docs/platform/howto/set-authentication-policies.rst index a3b73ddcec..44706474fd 100644 --- a/docs/platform/howto/set-authentication-policies.rst +++ b/docs/platform/howto/set-authentication-policies.rst @@ -1,16 +1,23 @@ -Set authentication policies for managed users -============================================== +Set authentication policies for organization users +=================================================== +The authentication policy for your organization specifies the ways that users can access your organization on the Aiven platform. + +You can, for example, restrict organization users to using single sign-on through a :doc:`verified domain `. Alternatively, you can allow them to create a password or use third-party authentication providers like Google, Microsoft, and GitHub. For an added layer of security, you can enforce two-factor authentication for password logins. + +:doc:`Managed users ` cannot log in with disabled authentication methods. Users that are not managed can log in with disabled methods, but they won't have access to the organization if they do. Set an authentication policy ------------------------------ To set an authentication policy for all users in an organization: -#. Click **Admin**. +#. In the organization, click **Admin**. #. Click **Authentication**. -#. +#. Click the toggle for each authentication method that you want to allow. + +#. Click **Save changes**. From dc0bbb3f6b51ec4df6aee179d6aed1cedbf08236 Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 29 Sep 2023 17:39:13 +0200 Subject: [PATCH 3/5] Remove auth policies article --- _toc.yml | 1 - .../howto/set-authentication-policies.rst | 23 ------------------- 2 files changed, 24 deletions(-) delete mode 100644 docs/platform/howto/set-authentication-policies.rst diff --git a/_toc.yml b/_toc.yml index 366d7c8b49..f0f7f50c8b 100644 --- a/_toc.yml +++ b/_toc.yml @@ -79,7 +79,6 @@ entries: - file: docs/platform/howto/add-authentication-method - file: docs/platform/reference/password-policy - file: docs/platform/howto/user-2fa - - file: docs/platform/howto/set-authentication-policies title: Set authentication policies - file: docs/platform/concepts/authentication-tokens - file: docs/platform/howto/create_authentication_token diff --git a/docs/platform/howto/set-authentication-policies.rst b/docs/platform/howto/set-authentication-policies.rst deleted file mode 100644 index 44706474fd..0000000000 --- a/docs/platform/howto/set-authentication-policies.rst +++ /dev/null @@ -1,23 +0,0 @@ -Set authentication policies for organization users -=================================================== - -The authentication policy for your organization specifies the ways that users can access your organization on the Aiven platform. - -You can, for example, restrict organization users to using single sign-on through a :doc:`verified domain `. Alternatively, you can allow them to create a password or use third-party authentication providers like Google, Microsoft, and GitHub. For an added layer of security, you can enforce two-factor authentication for password logins. - -:doc:`Managed users ` cannot log in with disabled authentication methods. Users that are not managed can log in with disabled methods, but they won't have access to the organization if they do. - -Set an authentication policy ------------------------------- - -To set an authentication policy for all users in an organization: - -#. In the organization, click **Admin**. - -#. Click **Authentication**. - -#. Click the toggle for each authentication method that you want to allow. - -#. Click **Save changes**. - - From 820eea3e8784c5c11cb7f6660f0cf94a314881c9 Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 8 Dec 2023 12:39:36 +0100 Subject: [PATCH 4/5] Add early availability note --- docs/platform/concepts/managed-users.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/platform/concepts/managed-users.rst b/docs/platform/concepts/managed-users.rst index ab8a934055..b03ddc86e0 100644 --- a/docs/platform/concepts/managed-users.rst +++ b/docs/platform/concepts/managed-users.rst @@ -1,10 +1,13 @@ Managed users ============== +.. important:: + Managed users is an :doc:`early availability feature `. To use it, :doc:`enable the feature preview ` in your user profile. + The managed users feature provides a centralized way of managing all of your organization's users, including editing their profiles, resetting passwords, and :doc:`setting authentication policies `. -When you :doc:`verify a domain `, existing organization users automatically become managed users. New users can be provisioned and managed through your identity provider (IdP). +When you :doc:`verify a domain `, existing organization users automatically become managed users. -A managed user cannot create new organizations unless they are a super admin of the organization that they are managed by. They are also not allowed to edit their user profiles. +A managed user cannot create new organizations unless they are a super admin of the organization that they are managed by. To see a list of all users in your organization go to **Admin** and select **Users**. \ No newline at end of file From 4cb6d7bfcb1b877b6daf94eaa93e61418e953a00 Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 8 Dec 2023 12:45:23 +0100 Subject: [PATCH 5/5] Update TOC --- _toc.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_toc.yml b/_toc.yml index f0f7f50c8b..7eb1ca31e6 100644 --- a/_toc.yml +++ b/_toc.yml @@ -70,6 +70,8 @@ entries: - file: docs/platform/howto/manage-org-users title: Invite and remove organization users - file: docs/platform/concepts/managed-users + - file: docs/platform/howto/delete-user + - file: docs/platform/howto/make-super-admin - file: docs/platform/howto/list-user-profile entries: - file: docs/platform/howto/edit-user-profile