Skip to content

Commit bba466b

Browse files
authored
Docs: Update Google SSO docs (#11191)
* Docs: Update Google SSO docs To better reflect the current state of Google SSO. * Use new session expiration
1 parent e7631a3 commit bba466b

File tree

2 files changed

+29
-4
lines changed

2 files changed

+29
-4
lines changed

docs/user/commercial/single-sign-on.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,9 +36,9 @@ Learn how to configure this SSO method with our :doc:`/guides/setup-single-sign-
3636
SSO with Google Workspace
3737
-------------------------
3838

39-
This feature allows you to restrict access to users with a specific email address (e.g. ``[email protected]``),
39+
This feature allows you to easily manage access to users with a specific email address (e.g. ``[email protected]``),
4040
where ``company.com`` is a registered Google Workspace domain.
41-
As this identity provider does not provide authorization over each project a user has access to,
41+
As this identity provider does not provide information about which projects a user has access to,
4242
permissions are managed by the :ref:`internal Read the Docs's teams <commercial/organizations:Team Types>` authorization system.
4343

4444
This feature is only available on the **Pro plan** and above.

docs/user/guides/setup-single-sign-on-google-email.rst

Lines changed: 27 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,8 @@ User setup
2424
~~~~~~~~~~
2525

2626
Using this setup,
27-
all users who have access to the configured Google Workspace will be granted a subset of permissions on your organization automatically on account creation.
27+
all users who have access to the configured Google Workspace will automatically join to your organization when they sign up with their Google account.
28+
Existing users will not be automatically joined to the organization.
2829

2930
You can still add outside collaborators and manage their access.
3031
There are two ways to manage this access:
@@ -42,6 +43,14 @@ However, you can define which teams users matching your company's domain email a
4243
2. Select **Google** in the :guilabel:`Provider` drop-down.
4344
3. Press :guilabel:`Save`.
4445

46+
After enabling SSO with Google Workspace,
47+
all users with email addresses from your configured Google Workspace domain will be required to signup using their Google account.
48+
49+
.. warning::
50+
51+
Existing users with email addresses from your configured Google Workspace domain will not be required to link their Google account,
52+
but they won't be automatically joined to your organization.
53+
4554
Configure team for all users to join
4655
------------------------------------
4756

@@ -62,7 +71,23 @@ Revoke user's access to all the projects
6271
----------------------------------------
6372

6473
By disabling the Google Workspace account with email ``[email protected]``,
65-
you revoke access to all the projects that user had access and disable login on Read the Docs completely for that user.
74+
you revoke access to all the projects the linked Read the Docs user had access to,
75+
and disable login on Read the Docs completely for that user.
76+
77+
.. warning::
78+
79+
If the user signed up to Read the Docs previously to enabling SSO with Google Workspace on your organization,
80+
they may still have access to their account and projects if they were manually added to a team.
81+
82+
To completely revoke access to a user, remove them from all the teams they are part of.
83+
84+
.. warning::
85+
86+
If the user was already signed in to Read the Docs when their access was revoked,
87+
they may still have access to documentation pages until their session expires.
88+
This is three days for the dashboard and documentation pages.
89+
90+
To completely revoke access to a user, remove them from all the teams they are part of.
6691

6792
.. seealso::
6893

0 commit comments

Comments
 (0)