From dc29d578a69379055c4bfa98214113b1f878bc5d Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Mon, 22 Jun 2020 17:58:04 +0200 Subject: [PATCH 01/14] Documentation for Sigle Sign-On feature on commercial --- docs/commercial/single-sign-on.rst | 74 ++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 docs/commercial/single-sign-on.rst diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst new file mode 100644 index 00000000000..8c8839396e6 --- /dev/null +++ b/docs/commercial/single-sign-on.rst @@ -0,0 +1,74 @@ +Single Sign-On +============== + +.. note:: + + This feature only exists on `Read the Docs for Business `__. + + +Single Sign-On is supported on |com_brand| for Pro and Enterprise plans. +:abbr:`SSO (Single Sign-On)` will allow you to manage all the users' permissions directly on GitHub. + +.. note:: + + Currently, we only supports GitHub as Identity Provider. + We plan to support GitLab and Bitbucket soon as well. + +.. note:: + + SSO is currently in **Beta**. We are enabling it only to customers that requested it via our support channel. + If you would like to apply for the Beta, please `contact us `_. + + +Member Types +------------ + +Owners +~~~~~~ + +Owners are those users who created the Organization when Sign Up, +or where added by another owner as an organization owner. + +They have access to view and edit all the organization's setting. + +.. note:: + + They are *not granted full access* to all the projects imported under the organization. + Project's permission are *completely* managed at GitHub. + This is a noticeable difference when the organization does not have SSO enabled. + + +Members +~~~~~~~ + +Members are users that have read/admin access to at least one of the projects imported under the organization. + +They will have **read access** to all the projects imported where they have at least "Read" access +under the GitHub's repository associated to the project imported. + +They will have **admin access** to those projects where they have at least "Write" access on GitHub's repositories. + +.. note:: + + Users don't have to be invited to the Read the Docs' organization. + Just by granting access at GitHub on the repository imported under Read the Docs, + the user become part of the organization automatically. + + +Team Types +---------- + +When SSO is enabled in your organization, Teams disappear completely. +Read and Admin access to the projects are managed at GitHub, as mentioned in the previous section. + + +How it works +------------ + +When users hit your documentation page, they will be asked to login before granting access to the documentation. +Under the login form, they can choose to login with GitHub, which will automatically create them an account under Read the Docs. +Then, if the user has access to read that repository on GitHub, permissions will be granted and the user will see the documentation. + +The account created for those users, will also give them access to the Read the Docs' dashboard. +There they can see all the projects they have access to and, for those projects they have "Write" access on GitHub, +they will be able to administrate them as well. From 741d340d720062793c08e162c29b814c7abf6425 Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Mon, 6 Jul 2020 15:20:14 +0200 Subject: [PATCH 02/14] Note about different behavior of regular Auth when SSO is enabled --- docs/commercial/organizations.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/commercial/organizations.rst b/docs/commercial/organizations.rst index 8f692fb7999..27838091c9b 100644 --- a/docs/commercial/organizations.rst +++ b/docs/commercial/organizations.rst @@ -22,6 +22,11 @@ The best way to think about this relationship is: *Owners* will create *Teams* to assign permissions to all *Members*. +.. warning:: + + Owners, Members and Teams behave differently if you are using + :ref:`SSO with GitHub, Bitbucket or GitLab `. + Team Types ~~~~~~~~~~ @@ -44,4 +49,3 @@ Roadrunner would set up a *Team* called *Contractors*. That team would have *Read Only* access to the *Road Builder* project. Then he would add *Wile E. Coyote* to the team. This would give him access to just this one project inside the organization. - From fd23a67f2aaca0ac4db9fbc28a314e7c1dd0a0de Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Mon, 6 Jul 2020 15:20:30 +0200 Subject: [PATCH 03/14] Refactor SSO document to define specific actions --- docs/commercial/single-sign-on.rst | 90 ++++++++++++++++++------------ 1 file changed, 53 insertions(+), 37 deletions(-) diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index 8c8839396e6..610d249f7b6 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -7,68 +7,84 @@ Single Sign-On Single Sign-On is supported on |com_brand| for Pro and Enterprise plans. -:abbr:`SSO (Single Sign-On)` will allow you to manage all the users' permissions directly on GitHub. +:abbr:`SSO (Single Sign-On)` will allow you to grant permissions to your organization's projects in an easy way. -.. note:: +Currently, we support two different types of Single Sign-On: - Currently, we only supports GitHub as Identity Provider. - We plan to support GitLab and Bitbucket soon as well. +* Authentication *and* authorization are managed by the Identity Provider (e.g. GitHub, Bitbucket or GitLab) +* Authentication is managed by the Identity Provider (e.g. a ``@company.com`` verified email address) .. note:: - SSO is currently in **Beta**. We are enabling it only to customers that requested it via our support channel. + SSO is currently in **Beta** and only GitHub is supported for now. If you would like to apply for the Beta, please `contact us `_. +.. contents:: + :local: + :depth: 2 -Member Types ------------- -Owners -~~~~~~ +SSO with GitHub, Bitbucket or GitLab +------------------------------------ -Owners are those users who created the Organization when Sign Up, -or where added by another owner as an organization owner. +Using an Identity Provider that supports authentication and authorization allows you to manage +"who have access to what projects on Read the Docs" directly from the provider itself. +In case you want an employee to have access to your documentation project under Read the Docs, +that employee just needs to be granted permissions in the GitHub, Bitbucket or GitLab repository associated with it. -They have access to view and edit all the organization's setting. +Note the users created under Read the Docs must have their GitHub, Bitbucket or GitLab +account connected in order to make SSO to work. .. note:: - They are *not granted full access* to all the projects imported under the organization. - Project's permission are *completely* managed at GitHub. - This is a noticeable difference when the organization does not have SSO enabled. + You can read more about `granting permissions on GitHub`_. + .. _granting permissions on GitHub: https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization -Members -~~~~~~~ -Members are users that have read/admin access to at least one of the projects imported under the organization. +Grant access to read the documentation +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -They will have **read access** to all the projects imported where they have at least "Read" access -under the GitHub's repository associated to the project imported. +By granting **read** (or more) permissions to a user under GitHub, Bitbucket or GitLab +you are giving access to read the documentation of the associated project on Read the Docs to that user. -They will have **admin access** to those projects where they have at least "Write" access on GitHub's repositories. -.. note:: +Grant access to administrate a project +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +By granting **write** to a user under GitHub, Bitbucket or GitLab +you are giving access to read the documentation *and* to be an administrator +of the associated project on Read the Docs to that user. + + +Grant access to import a project +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When SSO with GitHub, Bitbucket or GitLab is enabled in the organization only owners can import projects on the organization. +Adding users as owners of your organization will give them permissions to import projects. + +Note that to be able to import a project, that user must have **admin** permissions in the GitHub, Bitbucket or GitLab repository associated. + + +SSO with a ``@company.com`` email address +----------------------------------------- - Users don't have to be invited to the Read the Docs' organization. - Just by granting access at GitHub on the repository imported under Read the Docs, - the user become part of the organization automatically. +Using a ``@company.com`` email address allows you to +"grant **read** access to all the projects under your organization to users with a ``@company.com`` verified email address". -Team Types ----------- +Grant access to administrate a project +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -When SSO is enabled in your organization, Teams disappear completely. -Read and Admin access to the projects are managed at GitHub, as mentioned in the previous section. +You can add a user under an "Admin Team" to grant admin permissions to all the projects under that Team. +This can be done under :guilabel:`Teams` > :guilabel:`Admins` > :guilabel:`Invite Member`. -How it works ------------- +Grant access to import a project +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -When users hit your documentation page, they will be asked to login before granting access to the documentation. -Under the login form, they can choose to login with GitHub, which will automatically create them an account under Read the Docs. -Then, if the user has access to read that repository on GitHub, permissions will be granted and the user will see the documentation. +Making the user member of any "Admin Team" under your organization (as mentioned in the previous section), +they will be granted access to import a project. -The account created for those users, will also give them access to the Read the Docs' dashboard. -There they can see all the projects they have access to and, for those projects they have "Write" access on GitHub, -they will be able to administrate them as well. +Note that to be able to import a project, that user must have at least **read** permissions in the GitHub, Bitbucket or GitLab repository associated, +and their social account connected with Read the Docs. From 5f7b386ca1c172340e2858cc0879623d372d900a Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Mon, 6 Jul 2020 15:46:59 +0200 Subject: [PATCH 04/14] Employee -> User --- docs/commercial/single-sign-on.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index 610d249f7b6..8441b88760f 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -29,8 +29,8 @@ SSO with GitHub, Bitbucket or GitLab Using an Identity Provider that supports authentication and authorization allows you to manage "who have access to what projects on Read the Docs" directly from the provider itself. -In case you want an employee to have access to your documentation project under Read the Docs, -that employee just needs to be granted permissions in the GitHub, Bitbucket or GitLab repository associated with it. +In case you want an user to have access to your documentation project under Read the Docs, +that user just needs to be granted permissions in the GitHub, Bitbucket or GitLab repository associated with it. Note the users created under Read the Docs must have their GitHub, Bitbucket or GitLab account connected in order to make SSO to work. From 7340c5c89770453b7c4bd29249da7f3fd626eb0c Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Mon, 6 Jul 2020 15:47:28 +0200 Subject: [PATCH 05/14] Typo --- docs/commercial/single-sign-on.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index 8441b88760f..c67333f2dbb 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -29,7 +29,7 @@ SSO with GitHub, Bitbucket or GitLab Using an Identity Provider that supports authentication and authorization allows you to manage "who have access to what projects on Read the Docs" directly from the provider itself. -In case you want an user to have access to your documentation project under Read the Docs, +In case you want a user to have access to your documentation project under Read the Docs, that user just needs to be granted permissions in the GitHub, Bitbucket or GitLab repository associated with it. Note the users created under Read the Docs must have their GitHub, Bitbucket or GitLab From 5062751d7baf59882c45046387df76d0eb2a26eb Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Mon, 6 Jul 2020 15:48:53 +0200 Subject: [PATCH 06/14] Add permissions --- docs/commercial/single-sign-on.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index c67333f2dbb..778f92c5fac 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -52,7 +52,7 @@ you are giving access to read the documentation of the associated project on Rea Grant access to administrate a project ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -By granting **write** to a user under GitHub, Bitbucket or GitLab +By granting **write** permission to a user under GitHub, Bitbucket or GitLab you are giving access to read the documentation *and* to be an administrator of the associated project on Read the Docs to that user. From 6826a5a9e6c6cc292689315c9f3573727d88b638 Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Tue, 7 Jul 2020 18:52:34 +0200 Subject: [PATCH 07/14] Update docs/commercial/single-sign-on.rst Co-authored-by: Eric Holscher <25510+ericholscher@users.noreply.github.com> --- docs/commercial/single-sign-on.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index 778f92c5fac..048e38d65bf 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -60,7 +60,7 @@ of the associated project on Read the Docs to that user. Grant access to import a project ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -When SSO with GitHub, Bitbucket or GitLab is enabled in the organization only owners can import projects on the organization. +When SSO with GitHub, Bitbucket or GitLab is enabled only owners of the Read the Docs organization can import projects. Adding users as owners of your organization will give them permissions to import projects. Note that to be able to import a project, that user must have **admin** permissions in the GitHub, Bitbucket or GitLab repository associated. From 43b278e96cdd68384e329331a87fad006c27fa02 Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Tue, 7 Jul 2020 19:20:27 +0200 Subject: [PATCH 08/14] Admin permissions are required to import a project --- docs/commercial/single-sign-on.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index 048e38d65bf..a10c2193c65 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -86,5 +86,5 @@ Grant access to import a project Making the user member of any "Admin Team" under your organization (as mentioned in the previous section), they will be granted access to import a project. -Note that to be able to import a project, that user must have at least **read** permissions in the GitHub, Bitbucket or GitLab repository associated, +Note that to be able to import a project, that user must have **admin** permissions in the GitHub, Bitbucket or GitLab repository associated, and their social account connected with Read the Docs. From ebb30a7296b43b7557d95ed63c2294b9794b6d47 Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Thu, 9 Jul 2020 13:30:02 +0200 Subject: [PATCH 09/14] Small copy/wording changes --- docs/commercial/single-sign-on.rst | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index a10c2193c65..570e2f84fb9 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -16,7 +16,7 @@ Currently, we support two different types of Single Sign-On: .. note:: - SSO is currently in **Beta** and only GitHub is supported for now. + SSO is currently in **Beta** and only GitHub and Company Email are supported for now. If you would like to apply for the Beta, please `contact us `_. .. contents:: @@ -24,16 +24,16 @@ Currently, we support two different types of Single Sign-On: :depth: 2 -SSO with GitHub, Bitbucket or GitLab ------------------------------------- +SSO with VCS social provider (GitHub, Bitbucket or GitLab) +---------------------------------------------------------- Using an Identity Provider that supports authentication and authorization allows you to manage "who have access to what projects on Read the Docs" directly from the provider itself. In case you want a user to have access to your documentation project under Read the Docs, -that user just needs to be granted permissions in the GitHub, Bitbucket or GitLab repository associated with it. +that user just needs to be granted permissions in the VCS repository associated with it. Note the users created under Read the Docs must have their GitHub, Bitbucket or GitLab -account connected in order to make SSO to work. +:doc:`account connected ` in order to make SSO to work. .. note:: @@ -45,14 +45,14 @@ account connected in order to make SSO to work. Grant access to read the documentation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -By granting **read** (or more) permissions to a user under GitHub, Bitbucket or GitLab +By granting **read** (or more) permissions to a user under VCS provider you are giving access to read the documentation of the associated project on Read the Docs to that user. Grant access to administrate a project ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -By granting **write** permission to a user under GitHub, Bitbucket or GitLab +By granting **write** permission to a user under VCS provider you are giving access to read the documentation *and* to be an administrator of the associated project on Read the Docs to that user. @@ -60,24 +60,24 @@ of the associated project on Read the Docs to that user. Grant access to import a project ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -When SSO with GitHub, Bitbucket or GitLab is enabled only owners of the Read the Docs organization can import projects. +When SSO with VCS social provider is enabled only owners of the Read the Docs organization can import projects. Adding users as owners of your organization will give them permissions to import projects. -Note that to be able to import a project, that user must have **admin** permissions in the GitHub, Bitbucket or GitLab repository associated. +Note that to be able to import a project, that user must have **admin** permissions in the VCS provider repository associated. -SSO with a ``@company.com`` email address ------------------------------------------ +SSO with your company email address +----------------------------------- -Using a ``@company.com`` email address allows you to +Using your company's email address (e.g. ``employee@company.com``) allows you to "grant **read** access to all the projects under your organization to users with a ``@company.com`` verified email address". Grant access to administrate a project ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -You can add a user under an "Admin Team" to grant admin permissions to all the projects under that Team. -This can be done under :guilabel:`Teams` > :guilabel:`Admins` > :guilabel:`Invite Member`. +You can add a user under an "Admin Team" to grant **admin** permissions to all the projects under that Team. +This can be done under "your organization detail's page" > :guilabel:`Teams` > :guilabel:`Admins` > :guilabel:`Invite Member`. Grant access to import a project From b8ad6cb4636c43697d1c3e575ccbbe722b6147fe Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Thu, 9 Jul 2020 13:52:57 +0200 Subject: [PATCH 10/14] Make reference to work --- docs/commercial/organizations.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/commercial/organizations.rst b/docs/commercial/organizations.rst index 27838091c9b..eab76fe5aff 100644 --- a/docs/commercial/organizations.rst +++ b/docs/commercial/organizations.rst @@ -25,7 +25,7 @@ The best way to think about this relationship is: .. warning:: Owners, Members and Teams behave differently if you are using - :ref:`SSO with GitHub, Bitbucket or GitLab `. + :ref:`SSO with VCS social provider (GitHub, Bitbucket or GitLab) ` Team Types ~~~~~~~~~~ From 07a08bef51c2e2fd8581657ff0d04978da01a0dd Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Thu, 9 Jul 2020 14:33:00 +0200 Subject: [PATCH 11/14] Include document and fix reference --- docs/commercial/index.rst | 3 ++- docs/commercial/organizations.rst | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/commercial/index.rst b/docs/commercial/index.rst index 85bd5d1fdb5..02f66bec6a5 100644 --- a/docs/commercial/index.rst +++ b/docs/commercial/index.rst @@ -29,9 +29,10 @@ Advertising-free .. _readthedocs.org: https://readthedocs.org .. _readthedocs.com: https://readthedocs.com -.. toctree:: +.. toctree:: :caption: Additional commercial features organizations + single-sign-on sharing analytics diff --git a/docs/commercial/organizations.rst b/docs/commercial/organizations.rst index eab76fe5aff..d0a7f74ed5d 100644 --- a/docs/commercial/organizations.rst +++ b/docs/commercial/organizations.rst @@ -25,7 +25,7 @@ The best way to think about this relationship is: .. warning:: Owners, Members and Teams behave differently if you are using - :ref:`SSO with VCS social provider (GitHub, Bitbucket or GitLab) ` + :ref:`SSO with VCS social provider (GitHub, Bitbucket or GitLab) ` Team Types ~~~~~~~~~~ From 4b290feba05523b07f9db8e4b48357a3b367db8e Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Thu, 9 Jul 2020 14:33:40 +0200 Subject: [PATCH 12/14] Rename section titles because autosectionlabel Sphinx extension `autosectionlabel` creates a unique label per section. Since we have exactly the same section name multiple times in the same document, Sphinx raises a warning. We could `autosectionlabel_maxdepth=1` to avoid this, but that will make other subsections to stop being labeled and we may be using them. Renaming the section with a very similar title is a quick fix for now. https://www.sphinx-doc.org/es/master/usage/extensions/autosectionlabel.html --- docs/commercial/single-sign-on.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index 570e2f84fb9..bbc1bdfa3ed 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -73,15 +73,15 @@ Using your company's email address (e.g. ``employee@company.com``) allows you to "grant **read** access to all the projects under your organization to users with a ``@company.com`` verified email address". -Grant access to administrate a project -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Grant access to administer a project +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You can add a user under an "Admin Team" to grant **admin** permissions to all the projects under that Team. This can be done under "your organization detail's page" > :guilabel:`Teams` > :guilabel:`Admins` > :guilabel:`Invite Member`. -Grant access to import a project -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Grant access to users to import a project +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Making the user member of any "Admin Team" under your organization (as mentioned in the previous section), they will be granted access to import a project. From edf0066b3ae193d8696a7f07e6b18329ec1fcae3 Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Tue, 14 Jul 2020 11:56:19 +0200 Subject: [PATCH 13/14] Standardize usage of "VCS provider" --- docs/commercial/organizations.rst | 2 +- docs/commercial/single-sign-on.rst | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/commercial/organizations.rst b/docs/commercial/organizations.rst index d0a7f74ed5d..49f4012be7e 100644 --- a/docs/commercial/organizations.rst +++ b/docs/commercial/organizations.rst @@ -25,7 +25,7 @@ The best way to think about this relationship is: .. warning:: Owners, Members and Teams behave differently if you are using - :ref:`SSO with VCS social provider (GitHub, Bitbucket or GitLab) ` + :ref:`SSO with VCS provider (GitHub, Bitbucket or GitLab) ` Team Types ~~~~~~~~~~ diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index bbc1bdfa3ed..536440f1017 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -24,8 +24,8 @@ Currently, we support two different types of Single Sign-On: :depth: 2 -SSO with VCS social provider (GitHub, Bitbucket or GitLab) ----------------------------------------------------------- +SSO with VCS provider (GitHub, Bitbucket or GitLab) +--------------------------------------------------- Using an Identity Provider that supports authentication and authorization allows you to manage "who have access to what projects on Read the Docs" directly from the provider itself. @@ -60,10 +60,10 @@ of the associated project on Read the Docs to that user. Grant access to import a project ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -When SSO with VCS social provider is enabled only owners of the Read the Docs organization can import projects. +When SSO with VCS provider is enabled only owners of the Read the Docs organization can import projects. Adding users as owners of your organization will give them permissions to import projects. -Note that to be able to import a project, that user must have **admin** permissions in the VCS provider repository associated. +Note that to be able to import a project, that user must have **admin** permissions in the VCS repository associated. SSO with your company email address From 87200d05af259ed8a1116207b3fe6ca3e879e4bf Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Tue, 14 Jul 2020 12:00:31 +0200 Subject: [PATCH 14/14] Use "VCS repository" when talking to the associated repository --- docs/commercial/single-sign-on.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/commercial/single-sign-on.rst b/docs/commercial/single-sign-on.rst index 536440f1017..d1fbbca1ff4 100644 --- a/docs/commercial/single-sign-on.rst +++ b/docs/commercial/single-sign-on.rst @@ -45,14 +45,14 @@ Note the users created under Read the Docs must have their GitHub, Bitbucket or Grant access to read the documentation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -By granting **read** (or more) permissions to a user under VCS provider +By granting **read** (or more) permissions to a user in the VCS repository you are giving access to read the documentation of the associated project on Read the Docs to that user. Grant access to administrate a project ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -By granting **write** permission to a user under VCS provider +By granting **write** permission to a user in the VCS repository you are giving access to read the documentation *and* to be an administrator of the associated project on Read the Docs to that user.