Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SSO MFA docs #50533

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Add SSO MFA docs #50533

wants to merge 5 commits into from

Conversation

Joerger
Copy link
Contributor

@Joerger Joerger commented Dec 21, 2024

Add documentation for the new SSO MFA feature. See the RFD for more details.

@Joerger Joerger added documentation no-changelog Indicates that a PR does not require a changelog entry backport/branch/v17 labels Dec 21, 2024
@github-actions GitHub Actions
Copy link

🤖 Vercel preview here: https://docs-mzyc3e21c-goteleport.vercel.app/docs

@Joerger Joerger requested a review from zmb3 January 2, 2025 18:25
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 2, 2025
edited
Loading

Amplify deployment status

Branch Commit Job ID Status Preview Updated (UTC)
joerger/sso-mfa-docs 055b7e2 4 ✅SUCCEED joerger-sso-mfa-docs 2025-01-03 21:29:04

@ptgott
Copy link
Contributor

ptgott commented Jan 2, 2025

I still need to give this a proper review, but there are some internal links we need to fix for the preview build to work:

content/current/docs/pages/admin-guides/access-controls/sso/sso.mdx
    422:3-422:43  warning  Link to unknown file: `per-session-mfa.mdx`        missing-file  remark-validate-links
    423:3-423:4[9](https://github.com/gravitational/teleport/actions/runs/12586952343/job/35081837336#step:8:10)  warning  Link to unknown file: `moderated-sessions.mdx`     missing-file  remark-validate-links
    424:3-424:47  warning  Link to unknown file: `mfa-for-admin-actions.mdx`  missing-file  remark-validate-links
  437:66-437:[10](https://github.com/gravitational/teleport/actions/runs/12586952343/job/35081837336#step:8:11)6  warning  Link to unknown file: `per-session-mfa.mdx`        missing-file  remark-validate-links

ptgott
ptgott approved these changes Jan 3, 2025
View reviewed changes
docs/pages/admin-guides/access-controls/sso/sso.mdx Outdated Show resolved Hide resolved
docs/pages/admin-guides/access-controls/sso/sso.mdx Outdated
Comment on lines 430 to 437
### Considerations

Administrators may want to consider enabling this feature for the following benefits:

- All authentication (login and MFA) goes through the IDP, reducing administrative overhead
- Make custom MFA flows, such as prompting for 2 distinct devices for a single MFA check
- Integrate with non-webauthn devices supported directly by your IDP
- Enable new SSO users to carry out privileged actions without requiring them to register their device through Teleport first
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we could condense this section with the one before by removing the "Considerations" heading" and one of the bullets. Then readers can get into the heart of the section a little more quickly.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed the last bullet point and move it up as suggested.

docs/pages/admin-guides/access-controls/sso/sso.mdx Outdated
<TabItem label="OIDC">

```yaml
(!/examples/resources/oidc-connector-mfa.yaml!)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The partial doesn't render here—do we need to remove the leading slash?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also appears to be the case for existing sections in the preview, but those sections do load in the actual docs site.

docs/pages/admin-guides/access-controls/sso/sso.mdx Outdated
<TabItem label="SAML">

```yaml
(!/examples/resources/saml-connector-mfa.yaml!)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue with this partial

@Joerger Joerger deployed to docs-amplify January 3, 2025 21:19 — with GitHub Actions Active
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ptgott ptgott ptgott approved these changes

@kiosion kiosion Awaiting requested review from kiosion

@mmcallister mmcallister Awaiting requested review from mmcallister

@nklaassen nklaassen Awaiting requested review from nklaassen

@r0mant r0mant Awaiting requested review from r0mant

@xinding33 xinding33 Awaiting requested review from xinding33

@zmb3 zmb3 Awaiting requested review from zmb3

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
backport/branch/v17 documentation no-changelog Indicates that a PR does not require a changelog entry size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Joerger @ptgott @zmb3