Documentation for Sigle Sign-On feature on commercial #7212
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,24 +16,24 @@ Currently, we support two different types of Single Sign-On: | |
|
|
||
| .. note:: | ||
|
|
||
| SSO is currently in **Beta** and only GitHub and Company Email are supported for now. | ||
| If you would like to apply for the Beta, please `contact us <mailto:[email protected]>`_. | ||
|
|
||
| .. contents:: | ||
| :local: | ||
| :depth: 2 | ||
|
|
||
|
|
||
| SSO with VCS social provider (GitHub, Bitbucket or GitLab) | ||
| ---------------------------------------------------------- | ||
|
|
||
| Using an Identity Provider that supports authentication and authorization allows you to manage | ||
| "who have access to what projects on Read the Docs" directly from the provider itself. | ||
| In case you want a user to have access to your documentation project under Read the Docs, | ||
| that user just needs to be granted permissions in the VCS repository associated with it. | ||
|
|
||
| Note the users created under Read the Docs must have their GitHub, Bitbucket or GitLab | ||
|
There was a problem hiding this comment. I think GitHub, Bitbucket or GitLab ("VCS provider") Maybe it's better to be explicit here though? There was a problem hiding this comment. It's fine using "VCS provider" as a general concept here I think. We use "VCS account" already in other documents, https://docs.readthedocs.io/en/stable/connected-accounts.html. Probably better to stick with that term. I think it makes sense to mention them explicitly at the beginning maybe and use the general term in the rest of the document. It's good to avoid confusions with projects imported from outside these three providers. However, they have to be imported manually which is not discoverable in .com There was a problem hiding this comment. I made some small changes for this. I left it explicit where I thought it makes sense to make it explicit and used "VCS social provider" or "VCS provider" as well. |
||
| :doc:`account connected </connected-accounts>` in order to make SSO to work. | ||
|
|
||
| .. note:: | ||
|
|
||
|
|
@@ -45,46 +45,46 @@ account connected in order to make SSO to work. | |
| Grant access to read the documentation | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| By granting **read** (or more) permissions to a user under VCS provider | ||
| you are giving access to read the documentation of the associated project on Read the Docs to that user. | ||
|
|
||
|
|
||
| Grant access to administrate a project | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| By granting **write** permission to a user under VCS provider | ||
| you are giving access to read the documentation *and* to be an administrator | ||
| of the associated project on Read the Docs to that user. | ||
|
|
||
|
|
||
| Grant access to import a project | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| When SSO with VCS social provider is enabled only owners of the Read the Docs organization can import projects. | ||
| Adding users as owners of your organization will give them permissions to import projects. | ||
|
|
||
| Note that to be able to import a project, that user must have **admin** permissions in the VCS provider repository associated. | ||
|
|
||
|
|
||
| SSO with your company email address | ||
| ----------------------------------- | ||
|
|
||
| Using your company's email address (e.g. ``employee@company.com``) allows you to | ||
| "grant **read** access to all the projects under your organization to users with a ``@company.com`` verified email address". | ||
|
|
||
|
|
||
| Grant access to administer a project | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| You can add a user under an "Admin Team" to grant **admin** permissions to all the projects under that Team. | ||
| This can be done under "your organization detail's page" > :guilabel:`Teams` > :guilabel:`Admins` > :guilabel:`Invite Member`. | ||
|
|
||
|
|
||
| Grant access to users to import a project | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| Making the user member of any "Admin Team" under your organization (as mentioned in the previous section), | ||
| they will be granted access to import a project. | ||
|
There was a problem hiding this comment. They can only import projects into that team, right? There was a problem hiding this comment. Yes. In fact, if you are an admin, you can only import projects under the Admins teams you belong to. You cannot import projects on "Read" teams, even if you belong to --which is a bug, I'd say. See https://github.com/readthedocs/readthedocs-corporate/issues/929 I'm not sure if this has to be clarified here, since it's not related to SSO. It probably fits better on https://docs.readthedocs.io/en/stable/commercial/organizations.html |
||
|
|
||
| Note that to be able to import a project, that user must have **admin** permissions in the GitHub, Bitbucket or GitLab repository associated, | ||
| and their social account connected with Read the Docs. | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
VCS social providerfeels even more verbose and isn't a term I've ever heard before, and we're still including the full set of 3. I'm not convinced this is better :)