diff --git a/.github/vale/dicts/aiven.dic b/.github/vale/dicts/aiven.dic index d0897fad6d..8d08282eab 100644 --- a/.github/vale/dicts/aiven.dic +++ b/.github/vale/dicts/aiven.dic @@ -122,6 +122,7 @@ inodes Instana IdP IdPs +IdP's io iops IPsec diff --git a/.github/vale/styles/Aiven/capitalization_headings.yml b/.github/vale/styles/Aiven/capitalization_headings.yml index 8fdf5d8f5e..6cad067359 100644 --- a/.github/vale/styles/Aiven/capitalization_headings.yml +++ b/.github/vale/styles/Aiven/capitalization_headings.yml @@ -86,6 +86,7 @@ exceptions: - Loggly - Logtail - Microsoft Azure + - Microsoft Azure Active Directory - MirrorMaker - MongoDB - MySQL diff --git a/_redirects b/_redirects index 38d32d89ae..62808fbdb0 100644 --- a/_redirects +++ b/_redirects @@ -13,7 +13,6 @@ /api /docs/tools/api /cli /docs/tools/cli.html /terraform /docs/tools/terraform -/community https://aiven.io/community/ # Renamed/deleted files /docs/products/flink/howto/real-time-alerting-solution-cli.html /docs/products/flink/howto/real-time-alerting-solution.html @@ -48,7 +47,7 @@ /docs/products/clickhouse/howto/add-service-users /docs/products/clickhouse/howto/manage-users-roles /docs/products/clickhouse/howto/add-service-users.html /docs/products/clickhouse/howto/manage-users-roles.html /docs/products/clickhouse/sample-dataset.html /docs/products/clickhouse/howto/load-dataset.html -/docs/products/flink/howto/create-job.html /docs/products/flink/howto/create-job/create-flink-applications.html +/docs/products/flink/howto/create-job.html /docs/products/flink/howto/create-job/create-flink-applications.html /docs/products/flink/concepts/flink-for-analysts.html /docs/products/flink/list-overview.html /docs/products/flink/concepts/flink-for-operators.html /docs/products/flink/list-overview.html /docs/products/flink/howto/real-time-alerting-solution /docs/tutorials/anomaly-detection 
@@ -59,18 +58,20 @@ /docs/platform/concepts/byoa.html /docs/platform/concepts/byoc.html /docs/products/opensearch/howto/list-upgrade /docs/products/opensearch/howto /docs/products/opensearch/howto/upgrade-to-opensearch /docs/products/opensearch/concepts/opensearch-vs-elasticsearch -/docs/tutorials /docs/integrations -/docs/platform/howto/list-support /docs/platform/howto/project-support-center -/docs/platform/howto/change-support-tier /docs/platform/howto/project-support-center -/docs/platform/concepts/service-level-agreement /docs/platform/howto/project-support-center -/docs/products/postgresql/reference/list-of-advanced-params /docs/products/postgresql/reference/advanced-params -/docs/products/kafka/reference/kstream-data-write-issue https://aiven.io/changelog#06-12-2023 -/docs/tools/api/examples /docs/tools/api +/docs.aiven.io/docs/platform/howto/list-saml /docs.aiven.io/docs/platform/howto/list-identity-providers +/docs/platform/howto/saml/saml-authentication /docs/platform/howto/saml/add-identity-providers +/docs/platform/howto/saml/setup-saml-auth0 /docs/platform/howto/saml/add-auth0-idp +/docs/platform/howto/saml/setup-saml-azure /docs/platform/howto/saml/add-azure-idp +/docs/platform/howto/saml/setup-saml-fusionauth /docs/platform/howto/saml/add-fusionauth-idp +/docs/platform/howto/saml/setup-saml-google /docs/platform/howto/saml/add-google-idp +/docs/platform/howto/saml/setup-saml-jumpcloud /docs/platform/howto/saml/add-jumpcloud-idp +/docs/platform/howto/saml/setup-saml-okta /docs/platform/howto/saml/add-okta-idp +/docs/platform/howto/saml/setup-saml-onelogin /docs/platform/howto/saml/add-onelogin-idp -# Moved to https://aiven.io/developer +# Moved to https://aiven.io/developer /docs/tools/terraform/reference/cookbook https://aiven.io/developer/terraform -/docs/tools/terraform/reference/cookbook.html https://aiven.io/developer/terraform +/docs/tools/terraform/reference/cookbook.html https://aiven.io/developer/terraform 
/docs/tools/terraform/reference/cookbook/kafka-connect-terraform-recipe https://aiven.io/developer/apache-kafka-to-opensearch-terraform /docs/tools/terraform/reference/cookbook/multicloud-postgresql-recipe https://aiven.io/developer/multicloud-postgresql-terraform /docs/tools/terraform/reference/cookbook/kafka-flink-integration-recipe https://aiven.io/developer/kafka-source-sink-flink-integration 
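Review bot: The first rule added in this hunk carries a host segment, `/docs.aiven.io/docs/platform/howto/list-saml /docs.aiven.io/docs/platform/howto/list-identity-providers`, while every other rule in the file is site-relative, so a request for the old /docs/platform/howto/list-saml page will never match it; it should read `/docs/platform/howto/list-saml /docs/platform/howto/list-identity-providers`. This hunk and the following one (`@@ -81,31 +82,13 @@`) also delete rules that have nothing to do with the identity-provider rename — the tutorials, support-center, advanced-params, kstream changelog, API examples, community challenge, CLI account and every getting-started → get-started redirect — and the old/new pairs that read identically here (`# Moved to`, the cookbook lines) look like whitespace-only churn, which together suggests the branch was diffed against a stale base; if so, rebasing would keep those rules instead of silently breaking the old URLs. Since the file already redirects `.html` forms of renamed pages (for example the create-job and cookbook rules), consider adding the same for the old setup-saml-* pages.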
@@ -81,31 +82,13 @@ /docs/tools/terraform/reference/cookbook/kafka-mongodb-recipe https://aiven.io/developer/apache-kafka-with-mongodb /docs/tools/terraform/reference/cookbook/kafka-debezium-postgres-source https://aiven.io/developer/debezium-source-postgresql-kafka-across-clouds /docs/tools/terraform/reference/cookbook/kafka-topics-http-connector-recipe https://aiven.io/developer/kafka-with-http-sink -/docs/tools/terraform/reference/cookbook/kafka-custom-conf-recipe https://aiven.io/developer/apache-kafka-with-custom-configurations +/docs/tools/terraform/reference/cookbook/kafka-custom-conf-recipe https://aiven.io/developer/apache-kafka-with-custom-configurations /docs/tools/terraform/reference/cookbook/m3db-m3agg-recipe https://aiven.io/developer/m3-aggregator-integration /docs/tools/terraform/reference/cookbook/postgresql-read-replica-recipe https://aiven.io/developer/postgresql-read-only-terraform /docs/tools/terraform/reference/cookbook/clickhouse-access-setup-recipe https://aiven.io/developer/manage-user-privileges-clickhouse-terraform /docs/products/clickhouse/howto/configure-access-terraform-deployed https://aiven.io/developer/manage-user-privileges-clickhouse-terraform /docs/tools/terraform/reference/cookbook/kafka-clickhouse-integration-recipe https://aiven.io/developer/kafka-source-for-clickhouse -/docs/tools/terraform/reference/cookbook/postgres-clickhouse-integration-recipe https://aiven.io/developer/postgresql-source-for-clickhouse -/docs/community/challenge/catch-the-bus https://aiven.io/community/ -/docs/community/challenge/the-rolling-challenge https://aiven.io/community/ -/docs/tools/cli/account/account-authentication-method /docs/tools/cli/account -/docs/tools/cli/card /docs/tools/cli/account - - -/docs/tools/api/examples /docs/tools/api -/docs/products/postgresql/getting-started /docs/products/postgresql/get-started -/docs/products/m3db/getting-started /docs/products/m3db/get-started -/docs/products/flink/getting-started 
/docs/products/flink/get-started -/docs/products/kafka/getting-started /docs/products/kafka/get-started -/docs/products/clickhouse/getting-started /docs/products/clickhouse/get-started -/docs/products/opensearch/getting-started /docs/products/opensearch/get-started -/docs/products/kafka/karapace/getting-started /docs/products/kafka/karapace/get-started -/docs/products/kafka/kafka-connect/getting-started /docs/products/kafka/kafka-connect/get-started -/docs/products/opensearch/dashboards/getting-started /docs/products/opensearch/dashboards/get-started -/docs/products/kafka/kafka-mirrormaker/getting-started /docs/products/kafka/kafka-mirrormaker/get-started - +/docs/tools/terraform/reference/cookbook/postgres-clickhouse-integration-recipe https://aiven.io/developer/postgresql-source-for-clickhouse # Redirect from .index.html to specific page names for landing diff --git a/_toc.yml b/_toc.yml index 368c566c97..fc7b87f3b0 100644 --- a/_toc.yml +++ b/_toc.yml 
@@ -88,17 +88,17 @@ entries: title: Set authentication policies - file: docs/platform/concepts/authentication-tokens - file: docs/platform/howto/create_authentication_token - - file: docs/platform/howto/list-saml - title: SAML authentication - entries: - - file: docs/platform/howto/saml/saml-authentication - - file: docs/platform/howto/saml/setup-saml-auth0 - - file: docs/platform/howto/saml/setup-saml-azure - - file: docs/platform/howto/saml/setup-saml-fusionauth - - file: docs/platform/howto/saml/setup-saml-jumpcloud - - file: docs/platform/howto/saml/setup-saml-okta - - file: docs/platform/howto/saml/setup-saml-onelogin - - file: docs/platform/howto/saml/setup-saml-google + - file: docs/platform/howto/list-identity-providers + title: Identity providers + entries: + - file: docs/platform/howto/saml/add-identity-providers + - file: docs/platform/howto/saml/add-auth0-idp + - file: docs/platform/howto/saml/add-azure-idp + - file: docs/platform/howto/saml/add-fusionauth-idp + - file: docs/platform/howto/saml/add-jumpcloud-idp + - file: docs/platform/howto/saml/add-okta-idp + - file: docs/platform/howto/saml/add-onelogin-idp + - file: docs/platform/howto/saml/add-google-idp - file: docs/platform/howto/list-groups entries: - file: docs/platform/howto/manage-groups diff --git a/docs/platform/howto/list-identity-providers.rst b/docs/platform/howto/list-identity-providers.rst new file mode 100644 index 0000000000..b28a075d36 --- /dev/null +++ b/docs/platform/howto/list-identity-providers.rst @@ -0,0 +1,6 @@ +Identity providers +=================== + +Give your organization users access to Aiven through SAML-based single sign-on with your preferred identity provider. + +.. tableofcontents:: diff --git a/docs/platform/howto/list-saml.rst b/docs/platform/howto/list-saml.rst deleted file mode 100644 index c8d8329c7c..0000000000 --- a/docs/platform/howto/list-saml.rst +++ /dev/null 
@@ -1,6 +0,0 @@
-SAML authentication
-===================
-
-Browse through instructions to setup SAML authentication with all the major identity providers.
-
-.. tableofcontents::
diff --git a/docs/platform/howto/saml/add-auth0-idp.rst b/docs/platform/howto/saml/add-auth0-idp.rst
new file mode 100644
index 0000000000..c513a20b86
--- /dev/null
+++ b/docs/platform/howto/saml/add-auth0-idp.rst
@@ -0,0 +1,62 @@
+Add Auth0 as an identity provider
+=================================
+
+Use `Auth0 `_ to give your organization users single sign-on (SSO) access to Aiven.
+
+
+Prerequisite steps in Aiven Console
+------------------------------------
+
+Add Auth0 as an :ref:`identity provider ` in the Console.
+
+
+.. _configure-saml-auth0:
+
+Configure SAML on Auth0
+------------------------
+
+1. Log in to `your Auth0 account `_.
+
+2. Select **Applications**.
+
+3. Click **Create Application**.
+
+4. Enter an application name.
+
+5. Choose **Regular Web Applications** and click **Create**.
+
+6. After your application is created, go to the **Addons** tab.
+
+7. Enable the **SAML 2 WEB APP** option.
+
+8. Click on the **SAML 2 WEB APP** option. The **Settings** tab opens.
+
+9. Set the ``Application Callback URL`` to the ``ACS URL`` from the Aiven Console.
+
+10. In the **Settings** section for the Application Callback URL, remove the existing configuration and add the following field mapping configuration:
+
+.. code-block:: shell
+
+ {
+ "email": "email",
+ "first_name": "first_name",
+ "identity": "email",
+ "last_name": "last_name",
+ "mapUnknownClaimsAsIs": true
+ }
+
+11. Click **Enable** and **Save**.
+
+12. On the **Usage** tab, make a note of the ``Identity Provider Login URL``, ``Issuer URN``, and ``Identity Provider Certificate``. These are needed for the SAML configuration in Aiven Console.
+
+
+Finish the configuration in Aiven
+----------------------------------
+
+Go back to the Aiven Console to :ref:`configure the IdP ` and complete the setup.
+
+
+Troubleshooting
+---------------
+
+If you have issues, you can use the `SAML Tracer browser extension `_ to check the process step by step.
diff --git a/docs/platform/howto/saml/add-azure-idp.rst b/docs/platform/howto/saml/add-azure-idp.rst
new file mode 100644
index 0000000000..742dbf7572
--- /dev/null
+++ b/docs/platform/howto/saml/add-azure-idp.rst
@@ -0,0 +1,116 @@ +Add Microsoft Azure Active Directory as an identity provider +============================================================= + +Use `Microsoft Azure Active Directory (AD) `_ to give your organization users single sign-on (SSO) access to Aiven. + + +Prerequisite steps in Aiven Console +------------------------------------ + +Add Azure as an :ref:`identity provider ` in the Console. + + +.. _configure-saml-azure: + +Configure SAML on Microsoft Azure +---------------------------------- + +First, you set up the application on Azure. Then, you add a claim and users. + + +Set up an Azure application +"""""""""""""""""""""""""""" + +1. Log in to `Microsoft Azure `_. + +2. Got to **Enterprise applications**. + +3. Select **All applications**. + +4. Click **New application**. + +5. Select the **Add from the gallery** search bar and use the **Azure AD SAML Toolkit**. + +6. Click **Add**. + +7. Go back to the **Enterprise applications** list. + + .. note:: + + The newly created application might not be visible yet. You can use the **All applications** filter to see the new application. + +8. Click on the name of the new application. The configuration opens. + +9. Select **Single sign-on** configuration. + +10. Select **SAML** as the single sign-on method. + +11. Add the following parameters to the **Basic SAML Configuration**: + +.. list-table:: + :header-rows: 1 + :align: left + + * - Parameter + - Value + * - ``Identifier (Entity ID)`` + - ``https://api.aiven.io/v1/sso/saml/account/{account_id}/method/{account_authentication_method_id}/metadata`` + * - ``Reply URL (Assertion Consumer Service URL)`` + - ``https://api.aiven.io/v1/sso/saml/account/{account_id}/method/{account_authentication_method_id}/acs`` + * - ``Sign on URL`` + - ``https://console.aiven.io`` + + +12. Click **Save**. + +Create a claim and add users +"""""""""""""""""""""""""""" + +1. In the **User Attributes & Claims**, click **Add a new claim**. + +2. 
Create an attribute with the following data: + +.. list-table:: + :header-rows: 1 + :align: left + + * - Parameter + - Value + * - ``Name`` + - ``email`` + * - ``Source`` + - ``Attribute`` + * - ``Source Attribute`` + - ``user.mail`` + +3. Download the **Certificate (Base64)** from the **SAML Signing Certificate** section. + +4. Go to **Users and groups** and click **Add user**. + +5. Select the users that you want to use Azure AD to log in to Aiven. + +6. Click **Assign**. + + +Finish the configuration in Aiven +---------------------------------- + +Go back to the Aiven Console to :ref:`configure the IdP ` and complete the setup. + + +Troubleshooting +--------------- + +If you get an error message suggesting you contact your administrator, try these steps: + +#. Go to the Microsoft Azure AD user profile for the users. + +#. In **Contact Info**, check whether the **Email** field is blank. + +If it is blank, there are two possible solutions: + +* In **User Principal Name**, if the **Identity** field is an email address, try changing the **User Attributes & Claims** to ``email = user.userprincipalname``. + +* In **Contact Info**, if none of the **Alternate email** fields are blank, try changing the **User Attributes & Claims** to ``email = user.othermail``. + +If you still have login issues, you can use the `SAML Tracer browser extension `_ to check the process step by step. If this doesn't work, get in touch with our support team at support@Aiven.io. diff --git a/docs/platform/howto/saml/add-fusionauth-idp.rst b/docs/platform/howto/saml/add-fusionauth-idp.rst new file mode 100644 index 0000000000..de1c618a2f --- /dev/null +++ b/docs/platform/howto/saml/add-fusionauth-idp.rst 
@@ -0,0 +1,99 @@ +Add FusionAuth as an identity provider +======================================= + +Use `FusionAuth `_ to give your organization users single sign-on (SSO) access to Aiven. + + +Prerequisite steps in Aiven Console +------------------------------------ + +Add FusionAuth as an :ref:`identity provider ` in the Console. + + +.. _configure-saml-fusionauth: + +Configure SAML on FusionAuth +---------------------------- + +The setup on FusionAuth has three parts: + +* create an API key +* generate a custom RSA certificate +* create an application + +First you need to create an API Key in your FusionAuth instance: + +#. In FusionAuth, go to **Settings** > **API Keys**. + +#. Click the **Add** icon. + +#. Enter a description for the key (for example, "Certificate generator"). + +#. In the **Endpoints** list, find ``/api/key/import``. + +#. Toggle on **POST**. + +#. Click the **Save** icon. + + .. image:: /images/platform/howto/saml/fusionauth/create-api-key.png + :alt: Creating API Key. + +#. On the **API Keys** page, find your new key and click on the value in the **Key** column. + +#. Copy the whole key. You’ll use this for the script. + + .. image:: /images/platform/howto/saml/fusionauth/grab-api-key.png + :alt: Grabbing API Key. + +#. Clone `the FusionAuth example scripts GitHub repository `__. + + .. code:: shell + + git clone git@github.com:FusionAuth/fusionauth-example-scripts.git + cd fusionauth-example-scripts/v3-certificate + +#. Run the ``generate-certificate`` script. + + .. code:: shell + + ./generate-certificate + +#. Give the key a meaningful name (for example, "Aiven key"). + +#. Copy the generated certificate that the script creates. You now have a certificate in the **Key Master** in your FusionAuth instance. + +Next, create an application in your FusionAuth instance: + +#. In **Applications**, click the **Add** icon. + +#. Enter a name for the application (for example, "Aiven"). + +#. 
On the **SAML** tab, and toggle on the **Enabled** switch. + +#. Paste the **Metadata URL** and **ACS URL** you copied from the Aiven Console to the **Issuer** and +**Authorized redirect URLs** fields in your FusionAuth application, respectively. + +.. list-table:: + :header-rows: 1 + :align: left + + * - Aiven + - FusionAuth + * - Metadata URL + - Issuer + * - ACS URL + - Authorized redirect URLs + +#. In the **Authentication response** section, change the **Signing key** to the API key you created. + +#. Click the **Save** icon to save your application. + +#. On the **Applications** page, click the magnifying glass. + +#. In the **SAML v2 Integration details** section, copy the **Entity Id** and **Login URL**. + + +Finish the configuration in Aiven +---------------------------------- + +Go back to the Aiven Console to :ref:`configure the IdP ` and complete the setup. diff --git a/docs/platform/howto/saml/add-google-idp.rst b/docs/platform/howto/saml/add-google-idp.rst new file mode 100644 index 0000000000..4a8900c413 --- /dev/null +++ b/docs/platform/howto/saml/add-google-idp.rst 
@@ -0,0 +1,57 @@
+Add Google as an identity provider
+===================================
+
+Use Google to give your organization users single sign-on (SSO) access to Aiven.
+
+
+Prerequisite steps in Aiven Console
+------------------------------------
+
+Add Google as an :ref:`identity provider ` in the Console.
+
+
+.. _configure-saml-google:
+
+Configure SAML on Google
+------------------------
+
+1. Log in to Google Admin console.
+
+2. Go to Menu -> Apps -> Web and mobile apps.
+
+3. Click Add App -> Add custom SAML app.
+
+4. On the App Details page, enter a name for the Aiven profile.
+
+5. Click Continue.
+
+6. On the Google Identity Provider details page, Copy the **SSO URL**, **Entity ID** and the **Certificate**. These are needed later for the SAML configuration in Aiven Console.
+
+7. Click Continue.
+
+8. In the Service Provider Details window, set the following parameters:
+
+ .. list-table::
+ :header-rows: 1
+ :align: left
+
+ * - Parameter
+ - Value
+ * - ``Entity ID``
+ - ``Metadata URL`` from Aiven Console
+ * - ``ACS URL``
+ - ``ACS URL`` from Aiven Console
+ * - ``Name ID format``
+ - ``EMAIL``
+ * - ``App attributes``
+ - ``email``
+
+9. Click Finish.
+
+10. Turn on your SAML app.
+
+
+Finish the configuration in Aiven
+----------------------------------
+
+Go back to the Aiven Console to :ref:`configure the IdP ` and complete the setup.
\ No newline at end of file
diff --git a/docs/platform/howto/saml/add-identity-providers.rst b/docs/platform/howto/saml/add-identity-providers.rst
new file mode 100644
index 0000000000..75e1850653
--- /dev/null
+++ b/docs/platform/howto/saml/add-identity-providers.rst
@@ -0,0 +1,144 @@ +Add identity providers +======================= + +You can give your organization users access to Aiven through an identity provider (IdP). + +To set up single sign-on through an IdP for your organization: + +1. Add the identity provider in the `Aiven Console `_ . +2. Configure SAML on your IdP. +3. Finalize the setup in the Aiven Console using information from your IdP. +4. Link your users to the identity provider. + +.. _add-idp-aiven-console: + +Step 1. Add the IdP in the Aiven Console +----------------------------------------- + +#. In the organization, click **Admin**. + +#. Click **Identity providers**. + +#. Click **Add identity provider**. + +#. Select an IdP and enter a name. + +#. On the **Configuration** step are two parameters that you need to set up the SAML authentication in your IdP: + +* Metadata URL +* ACS URL + + +Step 2. Configure SAML on your IdP +----------------------------------- + +Use the metadata URL and ACS URL from the Aiven Console to configure a new application in your IdP. Setup instructions are available for these specific providers: + +* :ref:`Auth0 ` +* :ref:`FusionAuth ` +* :ref:`Microsoft Azure Active Directory ` +* :ref:`Okta ` +* :ref:`OneLogin ` +* :ref:`Google ` + +If your provider isn't listed, contact the support team at support@Aiven.io for help with the configuration. + +.. _configure-idp-aiven-console: + +Step 3. Finish the configuration in Aiven +------------------------------------------ + +Go back to the Aiven Console to complete setting up the IdP: + +#. Enter the **IDP URL** and **Entity Id** details. + +.. 
list-table:: + :header-rows: 1 + :align: left + + * - Aiven + - Auth0 + - Azure AD + - FusionAuth + - Google + - JumpCloud + - Okta + - OneLogin + * - **IdP URL** + - ``Identity Provider Login URL`` + - ``Login URL`` + - ``Login URL`` + - ``SSO URL`` + - ``IDP URL`` + - ``Identity Provider Single Sign-On URL`` + - ``SAML 2.0 Endpoint (HTTP)`` + * - **Entity ID** + - ``Issuer URN`` + - ``Azure AD Identifier`` + - ``Entity ID`` + - ``Entity ID`` + - ``IdP Entity ID`` + - ``Identity Provider Issuer`` + - ``Issuer URL`` + +#. Paste the certificate from the IdP into the **Certificate** field. + +#. (Optional) Paste or upload a JSON file with configuration details for your IdP. + +#. Click **Next**. + +#. Configure the security options for this IdP: + + * Require authentication context: This lets the IdP enforce stricter security measures to help prevent unauthorized access, such as requiring multi-factor authentication. + + * Require assertion to be signed: The IdP will check for a digital signature. This security measure ensures the integrity and authenticity of the assertions by verifying that they were issued by a trusted party and have not been tampered with. + + * Sign authorization request sent to IdP: A digital signature is added to the request to verify its authenticity and integrity. + +#. Click **Next** and complete the setup. + +If you saved your IdP as a draft, you can open the settings by clicking the name of the IdP. + +.. note:: + If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. + + +Step 4. Link your users to the identity provider +-------------------------------------------------- + +Your organization users should automatically be able to use the identity provider to sign up and log in to Aiven. You can also handle this manually using URLs: + +#. On the **Identity providers** page, click the name of the IdP. + +#. 
In the **Overview** section there are two URLs: + + * **Signup URL**: Users that don't have an Aiven user account can use this to create a new Aiven user linked to this IdP. + + * **User account link URL**: Users that already have an Aiven user account can link their existing Aiven user with this IdP. + +#. Send the appropriate URL to your organization users. If you set up a different IdP before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. + +When a user clicks on the link, they will be redirected to a page to link their Aiven user account with the IdP: + +* For existing users that are already logged into the Aiven Console + + #. Click on the **Link profile** button. You are redirected to your IdP's authentication page. + #. Once logged in to the provider, you will be redirected back to the Aiven Console and the IdP is linked to your profile. You can use the IdP for all future logins. + +* For existing users that are not logged into the Aiven Console + + #. Click on the **Login** button. + #. On the login page of the Aiven Console, log in as usual. You are redirected to your IdP's authentication page. + #. Once logged in to the provider, you are redirected back to the Aiven Console and the IdP is linked to your profile. You can use the IdP for all future logins. + +* For new users without an Aiven user account + + #. Click **Sign up**. You are redirected to your IdP's authentication page. + #. Once logged in to the provider, you are redirected back to the Aiven sign up page. + #. Complete the sign up process. The IdP is linked to your profile and you can use it for all future logins. + + +Troubleshooting +--------------- + +If you have issues, you can use the `SAML Tracer browser extension `_ to check the process step by step. \ No newline at end of file 
diff --git a/docs/platform/howto/saml/add-jumpcloud-idp.rst b/docs/platform/howto/saml/add-jumpcloud-idp.rst
new file mode 100644
index 0000000000..a8be5fc9c2
--- /dev/null
+++ b/docs/platform/howto/saml/add-jumpcloud-idp.rst
@@ -0,0 +1,45 @@
+Add JumpCloud as an identity provider
+======================================
+
+Use `JumpCloud `_ to give your organization users single sign-on (SSO) access to Aiven.
+
+
+Prerequisite steps in Aiven Console
+------------------------------------
+
+Add JumpCloud as an :ref:`identity provider ` in the Console.
+
+
+.. _configure-saml-jumpcloud:
+
+Configure SAML on JumpCloud
+----------------------------
+
+#. In the `JumpCloud admin console `_, go to **SSO**.
+
+#. Select **Custom SAML App**.
+
+#. Set the **IdP Entity ID**.
+
+#. Set the ``Audience URI (SP Entity ID)`` to the ``Metadata URL`` from the Aiven Console.
+
+#. Set the ``ACS URL`` to the one from the Aiven Console.
+
+#. Set the ``Default RelayState`` to the homepage of the Aiven Console, https://console.aiven.io.
+
+#. Add an entry in **Attribute statements** with ``Service Provider Attribute Name`` of ``email`` and ``JumpCloud Attribute Name`` of ``email``.
+
+#. Set the ``Login URL`` to the ``ACS URL`` from the Aiven Console.
+
+#. In **User Groups**, assign the application to your user groups.
+
+#. Click **Activate**.
+
+#. Download the certificate.
+
+
+Finish the configuration in Aiven
+----------------------------------
+
+Go back to the Aiven Console to :ref:`configure the IdP ` and complete the setup.
+
diff --git a/docs/platform/howto/saml/add-okta-idp.rst b/docs/platform/howto/saml/add-okta-idp.rst
new file mode 100644
index 0000000000..7579fb62d8
--- /dev/null
+++ b/docs/platform/howto/saml/add-okta-idp.rst
@@ -0,0 +1,120 @@ +Add Okta as an identity provider +================================ + +Use `Okta `_ to give your organization users single sign-on (SSO) access to Aiven. + + +Prerequisite steps in Aiven Console +------------------------------------ + +Add Okta as an :ref:`identity provider ` in the Console. + + +.. _configure-saml-okta: + +Configure SAML on Okta +----------------------- + +This is a two step process. First, you create the SAML SP-Initiated authentication flow and then you create a bookmark app that will redirect to the Aiven Console's login page. + +#. Log in to the `Okta administrator console `_. + +#. Go to the **Applications** tab. + +#. Click **Create a new app integration**. + +#. Select **SAML 2.0** for the **Sign on method**, then click **Next**. + +#. Enter a name for the app and add a logo. + +#. Set it's visibility for your Okta users and click **Next**. + +#. Set the following values in the app configuration: + + + .. list-table:: + :widths: 10 90 + :header-rows: 1 + :align: left + + * - Parameter + - Value + * - ``Single sign on URL`` + - ``ACS URL`` + * - ``Audience URI (SP Entity ID)`` + - ``Metadata URL`` + * - ``Default RelayState`` + - ``https://console.aiven.io/`` when using the Aiven Console + + ``https://console.gcp.aiven.io/`` when using Aiven GCP Marketplace Console + + ``https://console.aws.aiven.io/`` when using Aiven AWS Marketplace Console + + .. important:: + The ``Default RelayState`` is the homepage of the Aiven Console and is fundamental for IdP initiated sign on to function correctly. + +#. Add an entry to **Attribute statements** with: + + .. list-table:: + :widths: 10 90 + :header-rows: 1 + :align: left + + * - Parameter + - Value + * - ``name`` + - ``email`` + * - ``value`` + - ``user.email`` + +#. Click **Next** and then click **Finish**. You are redirected to your application in Okta. + +#. Click the **View Setup Instructions** for the application. + +#. 
Go to the **Sign On** tab and copy the application data to be used in the final configuration in Aiven: + + * ``Identity Provider Signle Sign-On URL`` + + * ``Identity Provider Issuer`` + + * ``X.509 Certificate`` + +#. Go to the **Assignments** tab. + +#. Click **Assign** to assign users or groups to the Okta application. + +.. note:: + + New users need to be assigned to the Aiven application in Okta for the login to be successful. + + +Finish the configuration in Aiven +---------------------------------- + +Go back to the Aiven Console to :ref:`configure the IdP ` and complete the setup. + + +Troubleshooting +--------------- + +Authentication failed +~~~~~~~~~~~~~~~~~~~~~ + +When launching the Aiven SAML application, you get the following error:: + + Authentication Failed + + Login failed. Please contact your account administrator for more details. + +Check that **IdP initiated login** is enabled. + + +Invalid ``RelayState`` +~~~~~~~~~~~~~~~~~~~~~~ + +If you get the ``Invalid RelayState`` error, then you are attempting an IdP-initiated auth flow. This happens, for example, when you click the Aiven SAML app in Okta. Set the ``Default RelayState`` in Okta to the corresponding console of your account as defined in the **Configure SAML on Okta** section. + +The Okta password does not work +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Make sure to use the **Account Link URL** to add the Okta IdP to your Aiven user account. You can see a list of authentication methods in **User information** > **Authentication**. \ No newline at end of file diff --git a/docs/platform/howto/saml/add-onelogin-idp.rst b/docs/platform/howto/saml/add-onelogin-idp.rst new file mode 100644 index 0000000000..6e25965102 --- /dev/null +++ b/docs/platform/howto/saml/add-onelogin-idp.rst 
@@ -0,0 +1,75 @@
+Add OneLogin as an identity provider
+====================================
+
+Use `OneLogin `_ to give your organization users single sign-on (SSO) access to Aiven.
+
+
+Prerequisite steps in Aiven Console
+------------------------------------
+
+Add OneLogin as an :ref:`identity provider ` in the Console.
+
+
+.. _configure-saml-onelogin:
+
+Configure SAML on OneLogin
+---------------------------
+
+#. Log in to the `OneLogin Admin console `_.
+
+#. Select **Applications** and click **Add App**.
+
+#. Search for **SAML Custom Connector (Advanced)** and select it.
+
+#. Change the **Display Name** to ``Aiven``.
+
+#. Add any other visual configurations you want and click **Save**.
+
+#. In the **Configuration** section of the menu, set the following parameters:
+
+ .. list-table::
+ :header-rows: 1
+ :align: left
+
+ * - Parameter
+ - Value
+ * - ``ACS URL Validation``
+ - ``[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)``
+ * - ``ACS URL``
+ - ``ACS URL`` from Aiven Console
+ * - ``Login URL``
+ - ``https://console.aiven.io``
+ * - ``SAML Initiator``
+ - ``Service Provider`` (or ``OneLogin`` if your users will sign in through OneLogin)
+ * - ``SAML nameID format``
+ - ``Email``
+
+
+#. Click **Save**.
+
+#. In the **SSO** section of the menu, set **SAML Signature Algorithm** to ``SHA-256``.
+
+#. Copy the certificate content, ``Issuer URL`` and ``SAML 2.0 Endpoint (HTTP)``. These are needed for the SAML configuration in Aiven Console.
+
+#. Click **Save**
+
+#. Assign users to this application.
+
+
+Finish the configuration in Aiven
+----------------------------------
+
+Go back to the Aiven Console to :ref:`configure the IdP ` and complete the setup.
+
+
+Troubleshooting
+----------------
+
+If you are getting errors, try this:
+
+#. Go to the app in OneLogin and click **Settings**.
+
+#. Under **More Actions**, select **Reapply entitlement Mappings**.
+
+If you continue to have issues, you can use the `SAML Tracer browser extension `_ to check the process step by step.
+
diff --git a/docs/platform/howto/saml/saml-authentication.rst b/docs/platform/howto/saml/saml-authentication.rst
deleted file mode 100644
index f1e7bd79ae..0000000000
--- a/docs/platform/howto/saml/saml-authentication.rst
+++ /dev/null
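Review bot: The ``ACS URL Validation`` value in the Configuration table is a generic match-any-URL pattern, so, as far as I understand OneLogin's use of that field, it would accept an assertion consumer URL on any host rather than only Aiven's, which defeats the purpose of the validator. Suggest narrowing the pattern so it matches only the host of the ``ACS URL`` shown in the Aiven Console (the actual host is organization-specific, so give it as a placeholder the reader fills in), and adding a short note under the table such as `The validation pattern should match only the ACS URL from the Aiven Console; a broad pattern lets OneLogin send assertions to destinations outside Aiven.` Minor: `#. Click **Save**` in the SSO steps is missing its full stop.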
@@ -1,120 +0,0 @@ -Set up SAML authentication -=========================== - -Security Assertion Markup Language (SAML) is a standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider. You can set up SAML authentication in Aiven with your company's preferred IdP. - -To set up a SAML authentication method for your organization in Aiven, there are three steps: - -1. Configure the SAML authentication method in the Aiven Console -2. Configure SAML on your IdP -3. Enable the SAML authentication method in the Aiven Console -4. Log in with the SAML authentication method - -Setup instructions for specific providers are available on the following pages: - -* :doc:`Set up SAML with Auth0 ` -* :doc:`Set up SAML with FusionAuth ` -* :doc:`Set up SAML with Microsoft Azure Active Directory ` -* :doc:`Set up SAML with Okta ` -* :doc:`Set up SAML with OneLogin ` -* :doc:`Set up SAML with Google ` - -If your provider isn't listed, contact us at support@Aiven.io so we can assist you with the configuration. - -Step 1. Set up the SAML authentication method in Aiven Console ----------------------------------------------------------------- - -SAML Authentication methods are configured at the organization level: - -#. In the organization, click **Admin**. - -#. Select **Identity providers**. - -#. Click **Add identity provider**. - -#. Enter a name and select SAML. You can also select the groups that users will be added to when they sign up or log in through this authentication method. - -You are shown the two parameters needed for the SAML authentication setup in your Identity Provider: - -* Metadata URL -* ACS URL - -Step 2. Configure SAML on your Identity Provider ------------------------------------------------- - -In your IdP, use the metadata URL and ACS URL to configure a new application. The following table shows how the configuration information provided by Aiven is referred to in some of the more popular IdPs. - -.. 
list-table:: - :header-rows: 1 - :align: left - - * - Aiven - - Auth0 - - Okta - - OneLogin - - Azure Active Directory - - Centrify - * - ACS URL - - Application Callback URL - - SSO URL - - Recipient - - Reply - - - - * - Metadata - - - - - Audience - - Audience URI - - Identifier - - SP Entity - * - Email Mapping - - ``email`` - - ``user.email`` - - ``Email`` - - ``user.mail`` - - ``LoginUser.email`` - - -Step 3. Finish the configuration in Aiven ------------------------------------------- - -Go back to the **Authentication** page in the `Aiven Console `_ to enable the SAML authentication method: - -#. Select the name of the authentication method that you created. - -#. Toggle on **Enable Authentication method**. To let users initiate a login directly from your IdP, toggle on **IdP login**. - -#. In the **SAML configuration** section, click **Edit**. - -#. Enter the **IDP URL**, **Entity Id**, and **SAML Certificate** details. - -#. Click **Edit method**. - - -Step 4. Log in with the SAML authentication method --------------------------------------------------- - -After the authentication method is enabled, there are two URLs in the **Signup and link accounts URLs** section: - -* **Signup URL**: For users that don't have an Aiven user account to create a new Aiven user linked to the configured IdP. -* **Account link URL**: For users that already have an Aiven user account to link their existing Aiven user with the configured IdP. - -Send the appropriate URL to link the authentication method to a new or existing Aiven user. If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. - -When a user clicks on the link, they will be redirected to a page to link their Aiven user account with the SAML account: - -* For existing users that are already logged into the Aiven Console - - #. Click on the **Link profile** button. 
You are redirected to your SAML provider's authentication page. - #. Once logged in to the provider, you will be redirected back to the Aiven Console. The authentication method is linked to your profile. - -* For existing users that are not logged into the Aiven Console - - #. Click on the **Login** button. - #. On the login page of the Aiven Console, log in as usual. You are redirected to your SAML provider's authentication page. - #. Once logged in to the provider, you are redirected back to the Aiven Console. The authentication method is linked to your profile. - -* For new users without an Aiven user account - - #. Click **Sign up**. You are redirected to your SAML provider's authentication page. - #. Once logged in to the provider, you are redirected back to the Aiven sign up page. - #. Complete the sign up process. Your Aiven profile is linked with your SAML authentication method. diff --git a/docs/platform/howto/saml/setup-saml-auth0.rst b/docs/platform/howto/saml/setup-saml-auth0.rst deleted file mode 100644 index 61f55b254c..0000000000 --- a/docs/platform/howto/saml/setup-saml-auth0.rst +++ /dev/null 
@@ -1,91 +0,0 @@ -Set up SAML with Auth0 -======================= - -This article explains how to set up SAML with `Auth0 `_ for an organization in Aiven. For more information on SAML and instructions for other identity providers, see the :doc:`Set up SAML authentication ` article. - -Prerequisite steps in Aiven Console ------------------------------------- - -#. In the organization, click **Admin**. - -#. Select **Identity providers**. - -#. Click **Add identity provider**. - -#. Enter a name and select SAML. You can also select the groups that users will be added to when they sign up or log in through this authentication method. - -You are shown two parameters needed to set up the SAML authentication in Auth0: - -* Metadata URL -* ACS URL - -Configure SAML on Auth0 ------------------------- - -1. Log in to `your Auth0 account `_. - -2. Select **Applications**. - -3. Click **Create Application**. - -4. Enter an application name. - -5. Choose **Regular Web Applications** and click **Create**. - -6. After your application is created, go to the **Addons** tab. - -7. Enable the **SAML 2 WEB APP** option. - -8. Click on the **SAML 2 WEB APP** option. The **Settings** tab opens. - -9. Set the ``Application Callback URL`` to the ``ACS URL`` from the Aiven Console. - -10. In the **Settings** section for the Application Callback URL, remove the existing configuration and add the following field mapping configuration: - - .. code-block:: shell - - { - "email": "email", - "first_name": "first_name", - "identity": "email", - "last_name": "last_name", - "mapUnknownClaimsAsIs": true - } - -11. Click **Enable** and **Save**. - -12. On the **Usage** tab, make a note of the ``Identity Provider Login URL``, ``Issuer URN``, and ``Identity Provider Certificate``. These are needed for the SAML configuration in Aiven Console. 
- - -Finish the configuration in Aiven ----------------------------------- - -Go back to the **Authentication** page in `Aiven Console `_ to enable the SAML authentication method: - -1. Select the name of the Auth0 method that you created. - -2. In the SAML configuration section, click **Edit**. - -3. Add the configuration settings from Auth0: - - * Set the ``SAML IDP URL`` to the ``Identity Provider Login URL`` from Auth0. - * Set the ``SAML Entity ID`` to the ``Issuer URN`` from Auth0 . - * Paste the certificate from Auth0 into the ``SAML Certificate`` field. - -4. Click **Edit method** to save your changes. - -5. Toggle on **Enable authentication method** at the top of the page. - -6. In the **Signup and link accounts URLs** section, copy the appropriate link and send it to your users to switch them to the new IdP: - - * **Signup URL**: For users that don't have an Aiven user account and need to create a new Aiven user linked to this IdP. - * **Account link URL**: For users that already have an Aiven user account to link their existing Aiven user with the configured IdP. - -.. note:: - - If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. - -Troubleshooting ---------------- - -If you have issues, you can use the `SAML Tracer browser extension `_ to check the process step by step. diff --git a/docs/platform/howto/saml/setup-saml-azure.rst b/docs/platform/howto/saml/setup-saml-azure.rst deleted file mode 100644 index 9c9353e78c..0000000000 --- a/docs/platform/howto/saml/setup-saml-azure.rst +++ /dev/null 
@@ -1,146 +0,0 @@ -Set up SAML with Microsoft Azure Active Directory -================================================= - -This article explains how to set up SAML with `Microsoft Azure Active Directory (AD) `_ for an organization in Aiven. For more information on SAML and instructions for other identity providers, see the :doc:`Set up SAML authentication ` article. - - -Prerequisite steps in Aiven Console ------------------------------------- - -#. In the organization, click **Admin**. - -#. Select **Identity providers**. - -#. Click **Add identity provider**. - -#. Enter a name and select SAML. You can also select the groups that users will be added to when they sign up or log in through this authentication method. - -You are shown two parameters needed to set up the SAML authentication in Microsoft Azure AD: - -* Metadata URL -* ACS URL - -Configure SAML on Microsoft Azure ----------------------------------- - -First, you set up the application on Azure. Then, you add a claim and users. - -Set up an Azure application -"""""""""""""""""""""""""""" - -1. Log in to `Microsoft Azure `_. - -2. Got to **Enterprise applications**. - -3. Select **All applications**. - -4. Click **New application**. - -5. Select the **Add from the gallery** search bar and use the **Azure AD SAML Toolkit**. - -6. Click **Add**. - -7. Go back to the **Enterprise applications** list. - - .. note:: - - The newly created application might not be visible yet. You can use the **All applications** filter to see the new application. - -8. Click on the name of the new application. The configuration opens. - -9. Select **Single sign-on** configuration. - -10. Select **SAML** as the single sign-on method. - -11. Add the following parameters to the **Basic SAML Configuration**: - - .. 
list-table:: - :header-rows: 1 - :align: left - - * - Parameter - - Value - * - ``Identifier (Entity ID)`` - - ``Metadata URL`` - * - ``Reply URL (Assertion Consumer Service URL)`` - - ``ACS URL`` - * - ``Sign on URL`` - - ``https://console.aiven.io`` - - -12. Click **Save**. - -Create a claim and add users -"""""""""""""""""""""""""""" - -1. In the **User Attributes & Claims**, click **Add a new claim**. - -2. Create an attribute with the following data: - - .. list-table:: - :header-rows: 1 - :align: left - - * - Parameter - - Value - * - ``Name`` - - ``email`` - * - ``Source`` - - ``Attribute`` - * - ``Source Attribute`` - - ``user.mail`` - -3. Download the **Certificate (Base64)** from the **SAML Signing Certificate** section. - -4. Go to **Users and groups** and click **Add user**. - -5. Select the users that you want to use Azure AD to log in to Aiven. - -6. Click **Assign**. - -Finish the configuration in Aiven ----------------------------------- - -Go back to the **Authentication** page in `Aiven Console `_ to enable the SAML authentication method: - -1. Select the name of the Azure AD method that you created. - -2. In the SAML configuration section, click **Edit**. - -3. Add the configuration settings from Azure: - - * Set the ``SAML IDP URL`` to the ``Login URL`` from Azure. - * Set the ``SAML Entity ID`` to the ``Azure AD Identifier`` from Azure. - * Paste the certificate from Azure into the ``SAML Certificate`` field. - -4. Click **Edit method** to save your changes. - -5. Toggle on **Enable authentication method** at the top of the page. - -6. In the **Signup and link accounts URLs** section, copy the appropriate link and send it to your users to switch them to the new IdP: - - * **Signup URL**: For users that don't have an Aiven user account and need to create a new Aiven user linked to this IdP. - * **Account link URL**: For users that already have an Aiven user account to link their existing Aiven user with the configured IdP. - -.. 
note:: - If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. - -Troubleshooting ---------------- - -Error: contact your administrator -""""""""""""""""""""""""""""""""" - -If you get an error message suggesting you contact your administrator, try these steps: - -#. Go to the Microsoft Azure AD user profile for the users. - -#. In **Contact Info**, check whether the **Email** field is blank. - -If it is blank, there are two possible solutions: - -* In **User Principal Name**, if the **Identity** field is an email address, try changing the **User Attributes & Claims** to ``email = user.userprincipalname``. - -* In **Contact Info**, if none of the **Alternate email** fields are blank, try changing the **User Attributes & Claims** to ``email = user.othermail``. - -If you still have login issues, you can use the `SAML Tracer browser extension `_ to check the process step by step. If this doesn't work, get in touch with our support team at support@Aiven.io. diff --git a/docs/platform/howto/saml/setup-saml-fusionauth.rst b/docs/platform/howto/saml/setup-saml-fusionauth.rst deleted file mode 100644 index 68c69bae0f..0000000000 --- a/docs/platform/howto/saml/setup-saml-fusionauth.rst +++ /dev/null 
@@ -1,136 +0,0 @@ -Set up SAML with FusionAuth -============================ - -This article explains how to set up SAML with `FusionAuth `_ for an organization in Aiven. For more information on SAML and instructions for other identity providers, see the :doc:`Set up SAML authentication ` article. - -Prerequisite steps in Aiven Console ------------------------------------- - -#. In the organization, click **Admin**. - -#. Select **Identity providers**. - -#. Click **Add identity provider**. - -#. Enter a name and select SAML. You can also select the groups that users will be added to when they sign up or log in through this authentication method. - -#. Click **Add method**. - -You are shown two parameters needed to set up the SAML authentication in FusionAuth: - -* Metadata URL -* ACS URL - -Configure SAML on FusionAuth ----------------------------- - -The setup on FusionAuth has three parts: - -* create an API key -* generate a custom RSA certificate -* create an application - -First you need to create an API Key in your FusionAuth instance: - -#. In FusionAuth, go to **Settings** > **API Keys**. - -#. Click the **Add** icon. - -#. Enter a description for the key (for example, "Certificate generator"). - -#. In the **Endpoints** list, find ``/api/key/import``. - -#. Toggle on **POST**. - -#. Click the **Save** icon. - - .. image:: /images/platform/howto/saml/fusionauth/create-api-key.png - :alt: Creating API Key. - -#. On the **API Keys** page, find your new key and click on the value in the **Key** column. - -#. Copy the whole key. You'll use this for the script. - - .. image:: /images/platform/howto/saml/fusionauth/grab-api-key.png - :alt: Grabbing API Key. - -#. Clone `the FusionAuth example scripts GitHub repository `__. - - .. code:: shell - - git clone git@github.com:FusionAuth/fusionauth-example-scripts.git - cd fusionauth-example-scripts/v3-certificate - -#. Run the ``generate-certificate`` script. - - .. code:: shell - - ./generate-certificate - -#. 
Give the key a meaningful name (for example, "Aiven key"). - -#. Copy the generated certificate that the script creates. You now have a certificate in the **Key Master** in your FusionAuth instance. - -Next, create an application in your FusionAuth instance: - -#. In **Applications**, click the **Add** icon. - -#. Enter a name for the application (for example, "Aiven"). - -#. On the **SAML** tab, and toggle on the **Enabled** switch. - -#. Paste the **Metadata URL** and **ACS URL** you copied from the Aiven Console to the **Issuer** and **Authorized redirect URLs** fields in your FusionAuth application, respectively. - - .. list-table:: - :header-rows: 1 - :align: left - - * - Aiven - - FusionAuth - * - Metadata URL - - Issuer - * - ACS URL - - Authorized redirect URLs - -#. In the **Authentication response** section, change the **Signing key** to the API key you created. - -#. Click the **Save** icon to save your application. - -#. On the **Applications** page, click the magnifying glass. - -#. In the **SAML v2 Integration details** section, copy the **Entity Id** and **Login URL**. - -Finish the configuration in Aiven ---------------------------------- - -Go back to the **Authentication** page in `Aiven Console `_ to enable the SAML authentication method: - -1. Select the name of the FusionAuth method that you created. - -2. In the SAML configuration section, click **Edit**. - -3. Toggle on **IdP login**. - -4. Add the configuration settings from FusionAuth: - - * Set the ``SAML IDP Url`` to the ``Login URL`` from FusionAuth. - * Set the ``SAML Entity ID`` to the ``Entity Id`` from FusionAuth. - * Paste the certificate from the ``Generating certificate`` in FusionAuth into the `SAML Certificate`` field. - -5. Click **Edit method** to save your changes. - -6. Toggle on **Enable authentication method** at the top of the page. - -7. 
In the **Signup and link accounts URLs** section, copy the appropriate link and send it to your users to switch them to the new IdP: - - * **Signup URL**: For users that don't have an Aiven user account and need to create a new Aiven user linked to this IdP. - * **Account link URL**: For users that already have an Aiven user account to link their existing Aiven user with the configured IdP. - -.. note:: - - If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. - -Troubleshooting ---------------- - -If you have issues, you can use the `SAML Tracer browser extension `_ to check the process step by step. diff --git a/docs/platform/howto/saml/setup-saml-google.rst b/docs/platform/howto/saml/setup-saml-google.rst deleted file mode 100644 index 3e2cdb7b7f..0000000000 --- a/docs/platform/howto/saml/setup-saml-google.rst +++ /dev/null 
@@ -1,90 +0,0 @@ -Set up SAML with Google -======================= - -This article explains how to set up SAML with Google for an organization in Aiven. For more information on SAML and instructions for other identity providers, see the :doc:`Set up SAML authentication ` article. - -Prerequisite steps in Aiven Console ------------------------------------- - -#. In the organization, click **Admin**. - -#. Select **Identity providers**. - -#. Click **Add identity provider**. - -#. Enter a name and select SAML. You can also select the groups that users will be added to when they sign up or log in through this authentication method. - -You are shown two parameters needed to set up the SAML authentication in Google: - -* Metadata URL -* ACS URL - -Configure SAML on Google ------------------------- - -1. Log in to Google Admin console. - -2. Go to Menu -> Apps -> Web and mobile apps. - -3. Click Add App -> Add custom SAML app. - -4. On the App Details page, enter a name for the Aiven profile. - -5. Click Continue. - -6. On the Google Identity Provider details page, Copy the **SSO URL**, **Entity ID** and the **Certificate**. These are needed later for the SAML configuration in Aiven Console. - -7. Click Continue. - -8. In the Service Provider Details window, set the following parameters: - - .. list-table:: - :header-rows: 1 - :align: left - - * - Parameter - - Value - * - ``Entity ID`` - - ``Metadata URL`` from Aiven Console - * - ``ACS URL`` - - ``ACS URL`` from Aiven Console - * - ``Name ID format`` - - ``EMAIL`` - * - ``App attributes`` - - ``email`` - -9. Click Finish. - -10. Turn on your SAML app. - -Finish the configuration in Aiven ----------------------------------- - -Go back to the **Authentication** page in `Aiven Console `_ to enable the SAML authentication method: - -1. Select the name of the Google method that you created. - -2. In the SAML configuration section, click **Edit**. - -3. 
Add the configuration settings from Google: - - * Set the ``SAML IDP URL`` to the ``SSO URL`` from Google. - * Set the ``SAML Entity ID`` to the ``Entity ID`` from Google . - * Paste the certificate from Google into the ``SAML Certificate`` field. - -4. Click **Edit method** to save your changes. - -5. Toggle on **Enable authentication method** at the top of the page. - -6. In the **Signup and link accounts URLs** section, copy the appropriate link and send it to your users to switch them to the new IdP: - - * **Signup URL**: For users that don't have an Aiven user account and need to create a new Aiven user linked to this IdP. - * **Account link URL**: For users that already have an Aiven user account to link their existing Aiven user with the configured IdP. - -.. note:: - If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. - -Troubleshooting ---------------- - -If you have issues, you can use the `SAML Tracer browser extension `_ to check the process step by step. diff --git a/docs/platform/howto/saml/setup-saml-jumpcloud.rst b/docs/platform/howto/saml/setup-saml-jumpcloud.rst deleted file mode 100644 index d0958f1cd4..0000000000 --- a/docs/platform/howto/saml/setup-saml-jumpcloud.rst +++ /dev/null 
@@ -1,79 +0,0 @@ -Set up SAML with JumpCloud -=========================== - -This article explains how to set up SAML with `JumpCloud `_ for an organization in Aiven. For more information on SAML and instructions for other identity providers, see the :doc:`Set up SAML authentication ` article. - -Prerequisite steps in Aiven Console ------------------------------------- - -#. In the organization, click **Admin**. - -#. Select **Identity providers**. - -#. Click **Add identity provider**. - -#. Enter a name and select SAML. You can also select the groups that users will be added to when they sign up or log in through this authentication method. - -You are shown two parameters needed to set up the SAML authentication in JumpCloud: - -* Metadata URL -* ACS URL - -Configure SAML on JumpCloud ----------------------------- - -#. In the `JumpCloud admin console `_, go to **SSO**. - -#. Select **Custom SAML App**. - -#. Set the **IdP Entity ID**. - -#. Set the ``Audience URI (SP Entity ID)`` to the ``Metadata URL`` from the Aiven Console. - -#. Set the ``ACS URL`` to the one from the Aiven Console. - -#. Set the ``Default RelayState`` to the homepage of the Aiven Console, https://console.aiven.io. - -#. Add an entry in **Attribute statements** with ``Service Provider Attribute Name`` of ``email`` and ``JumpCloud Attribute Name`` of ``email``. - -#. Set the ``Login URL`` to the ``ACS URL`` from the Aiven Console. - -#. In **User Groups**, assign the application to your user groups. - -#. Click **Activate**. - -#. Download the certificate. - -Finish the configuration in Aiven ----------------------------------- - -Go back to the **Authentication** page in `Aiven Console `_ to enable the SAML authentication method: - -1. Select the name of the JumpCloud method that you created. - -2. In the SAML configuration section, click **Edit**. - -3. Toggle on **IdP login**. - -4. 
Add the configuration settings from JumpCloud: - - * Set the ``SAML IDP URL`` to the ``IDP URL`` from JumpCloud. - * Set the ``SAML Entity ID`` to the ``IdP Entity ID`` from JumpCloud . - * Paste the certificate from JumpCloud into the ``SAML Certificate`` field. - -5. Click **Edit method** to save your changes. - -6. Toggle on **Enable authentication method** at the top of the page. - -7. In the **Signup and link accounts URLs** section, copy the appropriate link and send it to your users to switch them to the new IdP: - - * **Signup URL**: For users that don't have an Aiven user account and need to create a new Aiven user linked to this IdP. - * **Account link URL**: For users that already have an Aiven user account to link their existing Aiven user with the configured IdP. - -.. note:: - If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. - -Troubleshooting ---------------- - -If you have issues, you can use the `SAML Tracer browser extension `_ to check the process step by step. diff --git a/docs/platform/howto/saml/setup-saml-okta.rst b/docs/platform/howto/saml/setup-saml-okta.rst deleted file mode 100644 index c054038e40..0000000000 --- a/docs/platform/howto/saml/setup-saml-okta.rst +++ /dev/null 
@@ -1,162 +0,0 @@ -Set up SAML with Okta -====================== - -This article explains how to set up SAML with `Okta `_ for an organization in Aiven. For more information on SAML and instructions for other identity providers, see the :doc:`Set up SAML authentication ` article. - -Prerequisite steps in Aiven Console ------------------------------------- - -#. In the organization, click **Admin**. - -#. Select **Identity providers**. - -#. Click **Add identity provider**. - -#. Enter a name and select SAML. You can also select the groups that users will be added to when they sign up or log in through this authentication method. - -You are shown two parameters needed to set up the SAML authentication in Okta: - -* Metadata URL -* ACS URL - -Configure SAML on Okta ------------------------ - -This is a two step process. First, you create the SAML SP-Initiated authentication flow and then you create a bookmark app that will redirect to the Aiven Console's login page. - -#. Log in to the `Okta administrator console `_. - -#. Go to the **Applications** tab. - -#. Click **Create a new app integration**. - -#. Select **SAML 2.0** for the **Sign on method**, then click **Next**. - -#. Enter a name for the app and add a logo. - -#. Set its visibility for your Okta users and click **Next**. - -#. Set the following values in the app configuration: - - - .. list-table:: - :widths: 10 90 - :header-rows: 1 - :align: left - - * - Parameter - - Value - * - ``Single sign on URL`` - - ``ACS URL`` - * - ``Audience URI (SP Entity ID)`` - - ``Metadata URL`` - * - ``Default RelayState`` - - ``https://console.aiven.io/`` when using the Aiven Console - - ``https://console.gcp.aiven.io/`` when using Aiven GCP Marketplace Console - - ``https://console.aws.aiven.io/`` when using Aiven AWS Marketplace Console - - .. important:: - The ``Default RelayState`` is the homepage of the Aiven Console and is fundamental for IdP initiated sign on to function correctly. - -#. 
Add an entry to **Attribute statements** with: - - .. list-table:: - :widths: 10 90 - :header-rows: 1 - :align: left - - * - Parameter - - Value - * - ``name`` - - ``email`` - * - ``value`` - - ``user.email`` - -#. Click **Next** and then click **Finish**. You are redirected to your application in Okta. - -#. Click the **View Setup Instructions** for the application. - -#. Go to the **Sign On** tab and copy the application data to be used in the final configuration in Aiven: - - * ``Identity Provider Signle Sign-On URL`` - - * ``Identity Provider Issuer`` - - * ``X.509 Certificate`` - -#. Go to the **Assignments** tab. - -#. Click **Assign** to assign users or groups to the Okta application. - -.. note:: - - New users need to be assigned to the Aiven application in Okta for the login to be successful. - - -Finish the configuration in Aiven ---------------------------------- - -Go back to the **Authentication** page in the `Aiven Console `_ to enable the SAML authentication method: - -1. Select the name of the Okta method that you created. - -2. In the SAML configuration section, click **Edit**. - -3. Add the configuration settings from Okta: - - .. list-table:: - :header-rows: 1 - :align: left - - * - Parameter - - Value - * - ``SAML IDP Url`` - - ``Identity Provider Single Sign-On URL`` - * - ``SAML Entity ID`` - - ``Identity Provider Issuer`` - * - ``SAML Certificate`` - - ``X.509 Certificate`` - - -4. Toggle on ``IdP login`` and ``Enable authentication method``. - -5. Click ``Edit Method`` to save the settings. - -6. In the **Signup and link accounts URLs** section, copy the appropriate link and send it to your users to switch them to the new IdP: - - * **Signup URL**: For users that don't have an Aiven user account and need to create a new Aiven user linked to this IdP. - * **Account link URL**: For users that already have an Aiven user account to link their existing Aiven user with the configured IdP. - -.. 
note:: - If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. - -Troubleshooting ---------------- - -Authentication failed -~~~~~~~~~~~~~~~~~~~~~ - -When launching Aiven SAML application getting the following error:: - - Authentication Failed - - Login failed. Please contact your account administrator for more details. - -Check Okta authentication in Aiven console if **IdP login** and **Enable authentication method** are -enabled. - - -Invalid ``RelayState`` -~~~~~~~~~~~~~~~~~~~~~~ - -If you get the ``Invalid RelayState``, then you are attempting an IdP-initiated auth flow, for example by clicking the Aiven SAML app from the Okta UI. Previously, Aiven did not support IdP-initiated flows, but now it is possible if you set the ``Default RelayState`` in Okta to the corresponding console of your account as defined in the Configure SAML on Okta section. - -The Okta password does not work -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Make sure to use the **Account Link URL** to add the Okta Authentication method to your Aiven profile. - -Once linked, you should get the choice of multiple sign-in methods as well as see the other -Authentication method in **User Information** -> **Authentication** section on the `Aiven Console `__. \ No newline at end of file diff --git a/docs/platform/howto/saml/setup-saml-onelogin.rst b/docs/platform/howto/saml/setup-saml-onelogin.rst deleted file mode 100644 index ea776980bb..0000000000 --- a/docs/platform/howto/saml/setup-saml-onelogin.rst +++ /dev/null 
@@ -1,106 +0,0 @@ -Set up SAML with OneLogin -========================== - -This article explains how to set up SAML with `OneLogin `_ for an organization in Aiven. For more information on SAML and instructions for other identity providers, see the :doc:`Set up SAML authentication ` article. - -Prerequisite steps in Aiven Console ------------------------------------- - -#. In the organization, click **Admin**. - -#. Select **Identity providers**. - -#. Click **Add identity provider**. - -#. Enter a name and select SAML. You can also select the groups that users will be added to when they sign up or log in through this authentication method. - -You are shown two parameters needed to set up the SAML authentication in OneLogin: - -* Metadata URL -* ACS URL - -Configure SAML on OneLogin ---------------------------- - -#. Log in to the `OneLogin Admin console `_. - -#. Select **Applications** and click **Add App**. - -#. Search for **SAML Custom Connector (Advanced)** and select it. - -#. Change the **Display Name** to ``Aiven``. - -#. Add any other visual configurations you want and click **Save**. - -#. In the **Configuration** section of the menu, set the following parameters: - - .. list-table:: - :header-rows: 1 - :align: left - - * - Parameter - - Value - * - ``ACS URL Validation`` - - ``[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)`` - * - ``ACS URL`` - - ``ACS URL`` from Aiven Console - * - ``Login URL`` - - ``https://console.aiven.io`` - * - ``SAML Initiator`` - - ``Service Provider`` (or ``OneLogin`` if your users will sign in through OneLogin) - * - ``SAML nameID format`` - - ``Email`` - - -#. Click **Save**. - -#. In the **SSO** section of the menu, set **SAML Signature Algorithm** to ``SHA-256``. - -#. Copy the certificate content, ``Issuer URL`` and ``SAML 2.0 Endpoint (HTTP)``. These are needed for the SAML configuration in Aiven Console. - -#. Click **Save** - -#. Assign users to this application. 
- - -Finish the configuration in Aiven ---------------------------------- - -Go back to the **Authentication** page in `Aiven Console `_ to enable the SAML authentication method: - -1. Select the name of the OneLogin method that you created. - -2. In the SAML configuration section, click **Edit**. - -3. Add the configuration settings from OneLogin: - - * Set the ``SAML IDP URL`` to the ``SAML 2.0 Endpoint (HTTP)`` from OneLogin. - - * Set the ``SAML Entity ID`` to the ``Issuer URL`` from OneLogin. - - * Paste the certificate from OneLogin into ``SAML Certificate``. - -4. If you set ``SAML Initiator`` to ``OneLogin`` in your OneLogin application, then toggle on ``IdP login``. - -5. Toggle on **Enable authentication method** at the top of the page. - -6. In the **Signup and link accounts URLs** section, copy the appropriate link and send it to your users to switch them to the new IdP: - - * **Signup URL**: For users that don't have an Aiven user account and need to create a new Aiven user linked to this IdP. - * **Account link URL**: For users that already have an Aiven user account to link their existing Aiven user with the configured IdP. - -.. note:: - If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup. - - -Troubleshooting ----------------- - -If you are getting errors, try this: - -#. Go to the app in OneLogin and click **Settings**. - -#. Under **More Actions**, select **Reapply entitlement Mappings**. - -If you continue to have issues, you can use the `SAML Tracer browser extension `_ to check the process step by step. - diff --git a/docs/platform/howto/set-authentication-policies.rst b/docs/platform/howto/set-authentication-policies.rst index ee0a8e90b2..c27fa373cf 100644 --- a/docs/platform/howto/set-authentication-policies.rst +++ b/docs/platform/howto/set-authentication-policies.rst 
@@ -24,7 +24,7 @@ Users can choose to log in using Google, Microsoft, or GitHub. Organization identity providers (SSO) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Organization users are restricted to logging in using SSO through an :doc:`identity provider `. +Organization users are restricted to logging in using SSO through an :doc:`identity provider `. Set an authentication policy ------------------------------ diff --git a/docs/tools/aiven-console.rst b/docs/tools/aiven-console.rst index a3b3c5659d..8734307af1 100644 --- a/docs/tools/aiven-console.rst +++ b/docs/tools/aiven-console.rst @@ -49,7 +49,7 @@ Organization and organizational unit settings are available on the **Admin** pag * :doc:`Manage your groups ` * Create new projects under an organization or organizational unit -* Configure :doc:`authentication methods for an organization ` +* Configure :doc:`authentication policies for an organization ` * View logs of activity such as the adding or removing of users, changing authentication methods, and more * Rename or delete an organization or organizational unit