You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/commercial/single-sign-on.rst
+15-12
Original file line number
Diff line number
Diff line change
@@ -12,12 +12,7 @@ Single Sign-On is supported on |com_brand| for Pro and Enterprise plans.
12
12
Currently, we support two different types of Single Sign-On:
13
13
14
14
* Authentication *and* authorization are managed by the Identity Provider (e.g. GitHub, Bitbucket or GitLab)
15
-
* Authentication (*only*) is managed by the Identity Provider (e.g. an active GSuite/Google ``@company.com`` with a verified email address)
16
-
17
-
.. note::
18
-
19
-
SSO is currently in **Beta** and only GitHub, Bitbucket, GitLab and Google are supported for now.
20
-
If you would like to apply for the Beta, please `contact us <mailto:[email protected]>`_.
15
+
* Authentication (*only*) is managed by the Identity Provider (e.g. an active Google Workspace account with a verified email address)
21
16
22
17
.. contents::
23
18
:local:
@@ -32,6 +27,10 @@ Using an Identity Provider that supports authentication and authorization allows
32
27
In case you want a user to have access to your documentation project under Read the Docs,
33
28
that user just needs to be granted permissions in the VCS repository associated with it.
34
29
30
+
You can enable this feature in your organization by going to
31
+
your organization's detail page > :guilabel:`Settings` > :guilabel:`Authorization`
32
+
and selecting :guilabel:`GitHub, GitLab or Bitbucket` as provider.
33
+
35
34
Note the users created under Read the Docs must have their GitHub, Bitbucket or GitLab
36
35
:doc:`account connected </connected-accounts>` in order to make SSO to work.
37
36
@@ -78,8 +77,8 @@ but still want that user to have access to read the documentation.
78
77
Instead of revoking access completely, just need lower down permissions to **read** only.
79
78
80
79
81
-
SSO with GSuite (Google email account)
82
-
--------------------------------------
80
+
SSO with Google Workspace
81
+
-------------------------
83
82
84
83
Using your company's Google email address (e.g. ``[email protected]``) allows you to
85
84
manage authentication for your organization's members.
@@ -90,12 +89,16 @@ By default, users that Sign Up with a Google account do not have any permissions
90
89
However, you can define which Teams users matching your company's domain email address will auto-join when they Sign Up.
91
90
Read the following sections to learn how to grant read and admin access.
92
91
92
+
You can enable this feature in your organization by going to
93
+
your organization's detail page > :guilabel:`Settings` > :guilabel:`Authorization`
94
+
and selecting :guilabel:`Google` as provider and specifying your Google Workspace domain in the :guilabel:`Domain` field.
95
+
93
96
94
97
Grant access to read a project
95
98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
96
99
97
100
You can add a user under a "Read Only Team" to grant **read** permissions to all the projects under that Team.
98
-
This can be done under "your organization detail's page" > :guilabel:`Teams` > :guilabel:`Read Only` > :guilabel:`Invite Member`.
101
+
This can be done under your organization's detail page > :guilabel:`Teams` > :guilabel:`Read Only` > :guilabel:`Invite Member`.
99
102
100
103
To avoid this repetitive task for each employee of your company,
101
104
the owner of the Read the Docs organization can mark one or many Teams for users matching the company's domain email
@@ -111,7 +114,7 @@ Grant access to administer a project
111
114
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
112
115
113
116
You can add a user under an "Admin Team" to grant **admin** permissions to all the projects under that Team.
114
-
This can be done under "your organization detail's page" > :guilabel:`Teams` > :guilabel:`Admins` > :guilabel:`Invite Member`.
117
+
This can be done under your organization's detail page > :guilabel:`Teams` > :guilabel:`Admins` > :guilabel:`Invite Member`.
115
118
116
119
117
120
Grant access to users to import a project
@@ -128,11 +131,11 @@ Revoke user's access to a project
128
131
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
129
132
130
133
To revoke access to a project for a particular user, you should remove that user from the Team that contains that Project.
131
-
This can be done under "your organization detail's page" > :guilabel:`Teams` > :guilabel:`Read Only` and click :guilabel:`Remove` next to the user you want to revoke access.
134
+
This can be done under your organization's detail page > :guilabel:`Teams` > :guilabel:`Read Only` and click :guilabel:`Remove` next to the user you want to revoke access.
132
135
133
136
134
137
Revoke user's access to all the projects
135
138
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
136
139
137
-
By disabling the GSuite/Google account with email ``[email protected]``,
140
+
By disabling the Google Workspace account with email ``[email protected]``,
138
141
you revoke access to all the projects that user had access and disable login on Read the Docs completely for that user.
0 commit comments