author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-11-25 17:33:56 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-11-25 17:34:10 +0000
commit: 83ba6762cc43d9db581b979bb5e3445669e46cc2
tree: 2e69833b43f791ed253a7a20318b767ebe56cdb8 /integrations/cloud-authentication/metadata.yaml
parent: Releasing debian version 1.47.5-1.
Merging upstream version 2.0.3+dfsg (Closes: #923993, #1042533, #1045145).
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'integrations/cloud-authentication/metadata.yaml')
-rw-r--r-- integrations/cloud-authentication/metadata.yaml 52
1 files changed, 41 insertions, 11 deletions
diff --git a/integrations/cloud-authentication/metadata.yaml b/integrations/cloud-authentication/metadata.yaml
index 72f5a5fe1..a0bf5654d 100644
--- a/integrations/cloud-authentication/metadata.yaml
+++ b/integrations/cloud-authentication/metadata.yaml
@@ -125,6 +125,20 @@
- The Space must be on a paid plan
- OIDC/SSO integration must already be enabled in one of your Spaces
+ ### Supported Features
+ This integration adheres to SCIM v2 specifications. Supported features include:
+
+ - User Resource Management (urn:ietf:params:scim:schemas:core:2.0:User)
+ - Create users
+ - Update user attributes
+ - Deactivate users
+ - Patch operations: Supported
+ - Bulk operations: Not supported
+ - Filtering: Supported (max results: 200)
+ - Password synchronization: Not supported, as we rely on SSO/OIDC authentication
+ - eTag: Not supported
+ - Authentication schemes: OAuth Bearer Token
+
### Netdata Configuration Steps
1. Click on the Space settings cog (located above your profile icon).
2. Click on the **User Management** section and access **Authentication and Authorization** tab.
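Review bot: In the new User Resource Management sub-list, "Deactivate users" is the only offboarding operation named, and the list does not say whether deleting a user is supported or how deactivation is expressed. Suggest adding a line that states which SCIM request deactivates a user and what it does to that user's access, since this list is what an identity administrator will check when planning deprovisioning.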
@@ -136,6 +150,19 @@
- **Base URL**: Use this URL as the base URL for your SCIM client.
- **Token**: Use this token for Bearer Authentication with your SCIM client.
+ ## Client Configuration Steps
+
+ ### Okta
+ If you're configuring SCIM in Okta, and you already have the Token from the previous section, follow these steps:
+
+ 1. Go to the **Applications** menu on the left-hand panel and select the **Netdata** application.
+ 2. In the **Netdata** application, navigate to the **Provisioning** tab.
+ 3. Click on **Configure API Integration** and check the box for **Enable API Integration**.
+ 4. Enter the Token (obtained in the *Netdata Configuration Steps* section) into the **API Token** field, then click **Test API Credentials** to ensure the connection is successful.
+ 5. If the test is successful, click **Save** to apply the configuration.
+
+ ## Troubleshoot
+
### Rotating the SCIM Token
You can rotate the token provided during SCIM integration setup if needed.
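Review bot: Okta step 4 only has the admin enter the Token, while the context just above the added section lists both a **Base URL** and a **Token** for the SCIM client. Suggest saying in the Okta steps where the Base URL goes, or stating that the Netdata application in Okta already has it set. The intro sentence could also name the *Netdata Configuration Steps* section, as step 4 does, rather than "the previous section".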
@@ -146,17 +173,6 @@
4. Click **Regenerate Token**.
5. If successful, you will receive a new token for Bearer Authentication with your SCIM client.
- ### Supported Features
- This integration adheres to SCIM v2 specifications. Supported features include:
-
- - User Resource Management (urn:ietf:params:scim:schemas:core:2.0:User)
- - Patch operations: Supported
- - Bulk operations: Not supported
- - Filtering: Supported (max results: 200)
- - Password synchronization: Not supported, as we rely on SSO/OIDC authentication
- - eTag: Not supported
- - Authentication schemes: OAuth Bearer Token
-
### User Keying Between SCIM and OIDC
Our SCIM (System for Cross-domain Identity Management) integration utilizes OIDC (OpenID Connect) to authenticate users.
To ensure users are correctly identified and authenticated between SCIM and OIDC, we use the following mapping:
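Review bot: With Supported Features moved out, "User Keying Between SCIM and OIDC" now follows "Rotating the SCIM Token" directly under the new "## Troubleshoot" heading, although it describes a required mapping rather than a troubleshooting step. Suggest moving it up beside the configuration sections. The rotation steps left as context end at "you will receive a new token"; now that Okta setup is documented, a closing step telling the admin to update the **API Token** field in Okta would help.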
@@ -169,5 +185,19 @@
The externalID in SCIM must correspond to the subfield in OIDC. Any deviation from this mapping may result
in incorrect user identification and authentication failures.
+ ## FAQ
+
+ ### Why aren’t users automatically added to Netdata spaces when they’re created through SCIM?
+
+ Currently, our SCIM server supports only the User resource. We plan to add support for the Group resource in the future.
+
+ In a Netdata space, users can belong to multiple rooms and have different roles (e.g., admin, manager). Additionally, the same organization may have multiple spaces.
+
+ As we don't yet support groups, when a user is created through SCIM, we don’t have a way to determine which spaces, rooms, and roles the user should be assigned to.
+
+ Once we implement support for the Group resource, admins will be able to map SCIM groups to Netdata memberships, so this assignment will be done automatically.
+
+ Until then, SCIM can only be used to grant or block access to Netdata for users in your organization. After a user is created, it is up to the Netdata administrator to manually invite them to spaces, rooms and assign roles.
+
### Reference
[SCIM Specification](https://scim.org)
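Review bot: "### Reference" stays at level three after the new "## FAQ", so it now renders as an FAQ entry; suggest promoting it to "## Reference". In the FAQ text, the last paragraph says SCIM can "grant or block access" while the earlier paragraphs say a SCIM-created user is in no space until invited, so it is worth one sentence on what such a user can reach before an invitation. The added lines also mix typographic and straight apostrophes ("don't" and "don’t" in the same sentence).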