Feat: Saml Login support in Konnect #7481
Conversation
Guaris
added
review:copyedit
✅ Deploy Preview for kongdocs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
| @@ -0,0 +1,62 @@ | |||
| --- | |||
| title: Set up SSO with SAML 2.0 | |||
There was a problem hiding this comment.
I'm not sure if we need this doc to be separate if we already cover this flow in the Okta doc.
Co-authored-by: Diana <75819066+cloudjumpercat@users.noreply.github.com>
|
|
||
| As an alternative to {{site.konnect_saas}}’s native authentication, you can set up single sign-on (SSO) access to {{site.konnect_short_name}} through an identity provider (IdP) using SAML 2.0. This method allows your users to log in to {{site.konnect_saas}} with their IdP credentials, eliminating the need for a separate login. | ||
|
|
||
| ## Prerequisites |
There was a problem hiding this comment.
Another prerequisite we have is that Konnect only allows for 1 idp at the time. If another idp is enabled, it will be required to disable it first. This will also be true for OIDC. 1 OIDC or 1 SAML.
Co-authored-by: Alex Gervais <alex.gervais@gmail.com>
There was a problem hiding this comment.
The step by step instructions look good, the tabs look good, but I am getting hung up on the existence of these two topics: Okta SSO and SSO. I think we need to do a couple of things to avoid confusion:
- Link between the two topics, right at the top, in the intros. Say something like "this topics covers custom SSO for your IdPs. If you want to set up Okta SSO, see [link]" (not sure if that's correct, but something similar).
- Adjust the title of the generic one to call out that it's generic
- Add something to the overview to explain the difference
app/_data/docs_nav_konnect.yml
Outdated
| @@ -239,8 +239,8 @@ | |||
| url: /org-management/social-identity-login/ | |||
| - text: Org Switcher | |||
| url: /org-management/org-switcher/ | |||
| - text: Set up SSO with OIDC | |||
| url: /org-management/oidc-idp/ | |||
| - text: Set up SSO | |||
There was a problem hiding this comment.
Is this topic meant to be a more generic OSS config, vs the Okta one? It's really hard to tell the difference in purpose between the two topics at first glance, especially in the nav.
Co-authored-by: Alex Gervais <alex.gervais@gmail.com>
Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com>
|
|
||
| ## Prepare the Okta application |
There was a problem hiding this comment.
For all the Okta-specific instructions in this doc, I think we're still too specific about the names of the buttons in the UI and precise steps. I'd keep it more general with links to Okta docs to make sure the steps are more likely to stay up-to-date. You can take a look at https://deploy-preview-7633--kongdocs.netlify.app/konnect/dev-portal/access-and-approval/sso/#configure-an-application-and-group-claims-in-your-idp for an example of what I'm thinking and how I did it for Dev Portal.
Co-authored-by: Diana <75819066+cloudjumpercat@users.noreply.github.com>
There was a problem hiding this comment.
This mostly LGTM, but I have one question: the sections "Provider specific SAML configuration" and "Advanced OIDC settings" are both nested under "Troubleshooting". Is that an accident, or is there an argument for listing them as troubleshooting items instead of just references?
https://konghq.atlassian.net/browse/DOCU-3737
Konnect now supports SAML authentication protocol for login. SAML is an open standard that allows Konnect to delegate authentication to an identity provider (IdP). By implementing SAML, organizations are able to choose between OIDC or SAML protocols when setting up their single sign on method.
https://deploy-preview-7481--kongdocs.netlify.app/konnect/org-management/sso/
https://deploy-preview-7481--kongdocs.netlify.app/konnect/org-management/okta-idp/
XR: #7370