aiven · rsalevsky · Jul 25, 2024 · Jul 1, 2024 · Jul 22, 2024
@@ -2,6 +2,8 @@
 title: Set authentication policies for organization users
 ---
 
+import ConsoleLabel from "@site/src/components/ConsoleIcons"
+
 The authentication policy for your organization specifies the ways that users in your organization and their personal tokens can access the organization on the Aiven platform.
 
 ## Authentication types
@@ -18,7 +20,8 @@ two-factor authentication (2FA) for password logins for all users in
 your organization.
 
 When 2FA is required, users can't access any resources in your organization until they
-set up 2FA.
+set up 2FA. This only applies to logins using email and password. The Aiven platform
+cannot enforce 2FA for logins through third-party providers, including identity providers.
 
 :::note
 Personal tokens are not affected and continue to work when you make 2FA required.
@@ -71,6 +74,6 @@ the user can create a token.
 ## Set an authentication policy
 
 1.  In the organization, click **Admin**.
-1.  Click **Authentication**.
+1.  Click <ConsoleLabel name="authenticationpolicy"/>.
 1.  Configure the settings for your authentication policy.
 1.  Click **Save changes**.
@@ -2,62 +2,60 @@
 title: Manage two-factor authentication
 ---
 
+import {ConsoleIcon} from "@site/src/components/ConsoleIcons"
+import ConsoleLabel from "@site/src/components/ConsoleIcons"
+
 Two-factor authentication in Aiven provides an extra level of security by requiring a second authentication code in addition to the user password.
 
+This only applies to logins using email and password. The Aiven platform
+cannot enforce 2FA for logins through third-party providers, including identity providers.
+
 :::warning
-Enabling and disabling two-factor authentication revokes your
-existing authentication tokens.
+Enabling and disabling two-factor authentication revokes personal tokens
+that you
+[created with password authentication](/docs/platform/howto/set-authentication-policies#personal-tokens).
 :::
 
 ## Enable two-factor authentication {#enable-2fa}
 
-To enable two-factor authentication on the [Aiven
-Console](https://console.aiven.io/):
-
-1.  Click the **User information** icon in the top right and select
-    **Authentication**.
+1.  Click <ConsoleIcon name="user"/> **User information** and select
+    <ConsoleLabel name="authenticationmethod"/>.
 
-1.  On the **Aiven Password** method, toggle on **Two-factor
-    authentication**.
+1.  On the **Aiven Password** method, click the **Two-factor authentication** toggle
+    to the enabled position.
 
 1.  Enter your password and click **Next**.
 
 1.  On your mobile device, open your authenticator app and scan the QR
-    code shown in Aiven Console.
+    code shown in Aiven Console. Alternatively, you can enter the TOTP
+    secret from the Aiven Console into your authenticator app.
 
-    :::note
-    Alternatively, you can enter the TOTP secret from the Aiven Console
-    into your authenticator app.
-    :::
-
-1.  Enter the code from the authenticator app in the **Confirmation
-    code** field in Aiven Console.
+1.  In the Aiven Console enter the **Confirmation code** from the authenticator app.
 
 1.  Click **Enable**.
 
-To change the mobile device that you use for two-factor
-authentication and [disable two-factor authentication](/docs/platform/howto/user-2fa#disable-2fa)
+To change the mobile device that you use for two-factor authentication,
+[disable two-factor authentication](/docs/platform/howto/user-2fa#disable-2fa)
 and enable it on the new device.
 
 ## Disable two-factor authentication {#disable-2fa}
 
-To disable two-factor authentication on the Aiven Console:
-
-1.  Click the **User information** icon in the top right and select
-    **Authentication**.
-1.  On the **Aiven Password** method, toggle off **Two-factor
-    authentication**.
+1.  Click <ConsoleIcon name="user"/> **User information** and select
+    <ConsoleLabel name="authenticationmethod"/>.
+1.  On the **Aiven Password** method, click the **Two-factor authentication** toggle
+    to the disabled position.
 1.  Enter your password and click **Disable Two-Factor Authentication**.
 
 ## Reset two-factor authentication
 
 If you have lost access to your mobile device or authenticator app, you
-can regain access to your account by resetting your Aiven password:
+can regain access to your account by resetting your Aiven password.
 
 1.  Log out of Aiven Console.
 1.  Enter your login email and click **Log in**.
 1.  Click **Forgot password?**.
 1.  Enter your login email and click **Reset your password**.
 1.  Follow the instructions in the password reset email to set a new
     password.
-1.  [Enable two-factor authentication](/docs/platform/howto/user-2fa#enable-2fa) on your new mobile device or authenticator app.
+1.  [Enable two-factor authentication](/docs/platform/howto/user-2fa#enable-2fa)
+    on your new mobile device or authenticator app.
@@ -27,13 +27,38 @@ export default function ConsoleLabel({name}): ReactElement {
           <ConsoleIconWrapper icon={ConsoleIcons.cog} /> <b>Service settings</b>
         </>
       );
+    case 'organization':
+      return (
+        <>
+          <ConsoleIconWrapper icon={ConsoleIcons.office} /> <b>Organization</b>
+        </>
+      );
+    case 'authenticationpolicy':
+      return (
+        <>
+          <ConsoleIconWrapper icon={ConsoleIcons.lock} /> <b>Authentication</b>
+        </>
+      );
+    case 'idp':
+      return (
+        <>
+          <ConsoleIconWrapper icon={ConsoleIcons.idNumber} />{' '}
+          <b>Identity providers</b>
+        </>
+      );
+    case 'domains':
+      return (
+        <>
+          <ConsoleIconWrapper icon={ConsoleIcons.globeNetwork} /> <b>Domains</b>
+        </>
+      );
     case 'projects':
       return (
         <>
           <ConsoleIconWrapper icon={ConsoleIcons.projects} /> <b>Projects</b>
         </>
       );
-      case 'projectsettings':
+    case 'projectsettings':
       return (
         <>
           <ConsoleIconWrapper icon={ConsoleIcons.cog} /> <b>Settings</b>
@@ -175,6 +200,12 @@ export default function ConsoleLabel({name}): ReactElement {
           <ConsoleIconWrapper icon={ConsoleIcons.user} /> <b>View profile</b>
         </>
       );
+    case 'authenticationmethod':
+      return (
+        <>
+          <ConsoleIconWrapper icon={ConsoleIcons.key} /> <b>Authentication</b>
+        </>
+      );
     case 'groups':
       return (
         <>