From f31340cf5330e628c301dc864e9e80fc187329de Mon Sep 17 00:00:00 2001 From: Tuan Dang Date: Thu, 20 Jun 2024 16:34:21 -0700 Subject: [PATCH] Minor adjustments to oidc docs --- docs/documentation/platform/sso/auth0-oidc.mdx | 18 +++++++++--------- .../platform/sso/general-oidc.mdx | 16 +++++++++++----- .../platform/sso/keycloak-oidc.mdx | 12 ++++++------ 3 files changed, 26 insertions(+), 20 deletions(-) diff --git a/docs/documentation/platform/sso/auth0-oidc.mdx b/docs/documentation/platform/sso/auth0-oidc.mdx index d191b7f627..2b459d5ca3 100644 --- a/docs/documentation/platform/sso/auth0-oidc.mdx +++ b/docs/documentation/platform/sso/auth0-oidc.mdx 
@@ -15,41 +15,41 @@ description: "Learn how to configure Auth0 OIDC for Infisical SSO." 1.1. From the Application's Page, navigate to the settings tab of the Auth0 application you want to integrate with Infisical. ![OIDC auth0 list of applications](../../../images/sso/auth0-oidc/application-settings.png) - 1.2. In the Application URIs section, set the appropriate values for the **Application Login URI**, **Allowed Callback URL**, and **Allowed Web Origins** fields. + 1.2. In the Application URIs section, set the **Application Login URI** and **Allowed Web Origins** fields to `https://app.infisical.com` and the **Allowed Callback URL** field to `https://app.infisical.com/api/v1/sso/oidc/callback`. ![OIDC auth0 create application uris](../../../images/sso/auth0-oidc/application-uris.png) ![OIDC auth0 create application origin](../../../images/sso/auth0-oidc/application-origin.png) If you’re self-hosting Infisical, then you will want to replace https://app.infisical.com with your own domain. - Once done, click Save Changes. + Once done, click **Save Changes**. 1.3. Proceed to the Connections Tab and enable desired connections. ![OIDC auth0 application connections](../../../images/sso/auth0-oidc/application-connections.png) - 2.1. From the application settings page, retrieve the values of **Client Id** and **Client Secret** + 2.1. From the application settings page, retrieve the **Client ID** and **Client Secret** ![OIDC auth0 application credential](../../../images/sso/auth0-oidc/application-credential.png) - 2.2. In the advanced settings (bottom-most section), retrieve the OpenID Configuration URL from the Endpoints tab. + 2.2. In the advanced settings (bottom-most section), retrieve the **OpenID Configuration URL** from the Endpoints tab. ![OIDC auth0 application oidc url](../../../images/sso/auth0-oidc/application-urls.png) - We will need these values in the preceding steps. + Keep these values handy as we will need them in the next steps. - 3.1. 
Back in Infisical, in the Organization settings > Security > OIDC, click Manage + 3.1. Back in Infisical, in the Organization settings > Security > OIDC, click **Manage**. ![OIDC auth0 manage org Infisical](../../../images/sso/auth0-oidc/org-oidc-overview.png) - 3.2. For configuration type, select Discovery URL. Then, set the appropriate values for **Discovery Document URL**, **Client ID**, and **Client Secret**. + 3.2. For configuration type, select **Discovery URL**. Then, set **Discovery Document URL**, **Client ID**, and **Client Secret** from step 2.1 and 2.2. ![OIDC auth0 paste values into Infisical](../../../images/sso/auth0-oidc/org-update-oidc.png) Once you've done that, press **Update** to complete the required configuration. - - Enabling OIDC SSO allows members in your organization to log into Infisical via Auth0. + + Enabling OIDC allows members in your organization to log into Infisical via Auth0. ![OIDC auth0 enable OIDC](../../../images/sso/auth0-oidc/enable-oidc.png) diff --git a/docs/documentation/platform/sso/general-oidc.mdx b/docs/documentation/platform/sso/general-oidc.mdx index e9a4448118..ae559cc597 100644 --- a/docs/documentation/platform/sso/general-oidc.mdx +++ b/docs/documentation/platform/sso/general-oidc.mdx @@ -12,10 +12,10 @@ description: "Learn how to configure OIDC for Infisical SSO with any OIDC-compli You can configure your organization in Infisical to have members authenticate with the platform through identity providers via [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html). -**Prerequisites:** +Prerequisites: - The identity provider (Okta, Google, Azure AD, etc.) should support OIDC. -- Users in the IdP should have a configured email and given_name. +- Users in the IdP should have a configured `email` and `given_name`. 
@@ -32,15 +32,21 @@ You can configure your organization in Infisical to have members authenticate wi ![OIDC general manage org Infisical](../../../images/sso/general-oidc/org-oidc-manage.png) 2.2. You can configure OIDC either through the Discovery URL (Recommended) or by inputting custom endpoints. - - If you want to configure via Discovery URL, you will have to use the URL with the following format: `https:///.well-known/openid-configuration` as input for the **Discovery Document URL** field. + + To configure OIDC via Discovery URL, set the **Configuration Type** field to **Discovery URL** and fill out the **Discovery Document URL** field. + + + Note that the Discovery Document URL typically takes the form: `https:///.well-known/openid-configuration`. + + ![OIDC general discovery config](../../../images/sso/general-oidc/discovery-oidc-form.png) - - If you want to configure via the Custom option, you will have to define values for all the required endpoints. + To configure OIDC via the custom endpoints, set the **Configuration Type** field to **Custom** and input the required endpoint fields. ![OIDC general custom config](../../../images/sso/general-oidc/custom-oidc-form.png) 2.3. Optionally, you can define a whitelist of allowed email domains. - Fill up the **Client ID** and **Client Secret** fields and press **Update** to complete the required configuration. + Finally, fill out the **Client ID** and **Client Secret** fields and press **Update** to complete the required configuration. diff --git a/docs/documentation/platform/sso/keycloak-oidc.mdx b/docs/documentation/platform/sso/keycloak-oidc.mdx index a800fb62cb..d3818f61ce 100644 --- a/docs/documentation/platform/sso/keycloak-oidc.mdx +++ b/docs/documentation/platform/sso/keycloak-oidc.mdx 
@@ -28,11 +28,11 @@ description: "Learn how to configure Keycloak OIDC for Infisical SSO." ![OIDC keycloak create client capability config settings](../../../images/sso/keycloak-oidc/create-client-capability.png) - 1.4. In the Login Settings step, set the appropriate values for the following: - - Root URL (base URL of Infisical) - - Home URL (base URL of Infisical) - - Valid Redirect URIs (`${INFISICAL_BASE_URL}/api/v1/sso/oidc/callback`) - - Web origins (base URL of Infisical) + 1.4. In the Login Settings step, set the following values: + - Root URL: `https://app.infisical.com`. + - Home URL: `https://app.infisical.com`. + - Valid Redirect URIs: `https://app.infisical.com/api/v1/sso/oidc/callback`. + - Web origins: `https://app.infisical.com`. ![OIDC keycloak create client login settings](../../../images/sso/keycloak-oidc/create-client-login-settings.png) @@ -60,7 +60,7 @@ description: "Learn how to configure Keycloak OIDC for Infisical SSO." 2.1. Back in Keycloak, navigate to Configure > Realm settings > General tab > Endpoints > OpenID Endpoint Configuration and copy the opened URL. This is what is to referred to as the Discovery Document URL and it takes the form: `https://keycloak-mysite.com/realms/myrealm/.well-known/openid-configuration`. ![OIDC keycloak realm OIDC metadata](../../../images/sso/keycloak-oidc/realm-setting-oidc-config.png) - 2.2. From the Clients page, navigate to the Credential tab and copy the value of Client secret for use in the preceding steps. + 2.2. From the Clients page, navigate to the Credential tab and copy the **Client Secret** to be used in the next steps. ![OIDC keycloak realm OIDC secret](../../../images/sso/keycloak-oidc/client-secret.png)
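Review bot: in the auth0-oidc.mdx hunk, the rewritten step 3.2 says "from step 2.1 and 2.2" but does not say which value comes from where, and the plural is off. Suggest "set **Discovery Document URL** to the OpenID Configuration URL from step 2.2, and **Client ID** and **Client Secret** to the values from step 2.1." Also, since step 1.2 now hardcodes `https://app.infisical.com` for the Application Login URI, Allowed Web Origins and Allowed Callback URL, the self-hosting sentence that follows should make clear it applies to all three fields, including the full callback path `/api/v1/sso/oidc/callback`, not just the base URL.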
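Review bot: in the general-oidc.mdx prerequisites hunk, "Users in the IdP should have a configured `email` and `given_name`" reads as a user-profile requirement, but what Infisical actually needs is for those two OIDC claims to be released to it. Suggest wording it as "The IdP should return the `email` and `given_name` claims for each user (in the ID token or userinfo response)", so readers know to check their IdP's claim or scope configuration rather than only the user records.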
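Review bot: in the general-oidc.mdx step 2.2 hunk, the Discovery Document URL example renders as `https:///.well-known/openid-configuration` with nothing between `https://` and the path; if the source has an angle-bracket placeholder there, MDX will parse it as a JSX element and drop it (or fail the build). Suggest a literal placeholder that survives MDX, e.g. `https://ISSUER_URL/.well-known/openid-configuration`, with a sentence saying ISSUER_URL is the provider's issuer. Separately, step 2.3 presents the allowed email domain whitelist as optional without stating the consequence: without it, any account the IdP authenticates can log into the organization. One sentence to that effect would help readers decide whether to set it.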
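Review bot: in the keycloak-oidc.mdx step 1.4 hunk, replacing `${INFISICAL_BASE_URL}` with `https://app.infisical.com` removes the only hint that self-hosted deployments must substitute their own domain; the auth0-oidc.mdx page keeps a "If you're self-hosting Infisical, then you will want to replace https://app.infisical.com with your own domain." sentence after the equivalent step, so the same sentence should follow this list. Minor: the trailing period after each code span (`https://app.infisical.com`.) is easy to copy into the Keycloak field along with the URL; suggest dropping the periods from the list items.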
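Review bot: in the keycloak-oidc.mdx step 2.2 hunk, the unchanged context line directly above the edited one has a typo, "This is what is to referred to as the Discovery Document URL"; since the hunk already touches this block, suggest fixing it to "This is what is referred to as the Discovery Document URL" in the same change.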