author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-24 09:54:23 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-24 09:54:44 +0000 |
commit | 836b47cb7e99a977c5a23b059ca1d0b5065d310e (patch) | |
tree | 1604da8f482d02effa033c94a84be42bc0c848c3 /integrations/cloud-authentication | |
parent | Releasing debian version 1.44.3-2. (diff) | |
download | netdata-836b47cb7e99a977c5a23b059ca1d0b5065d310e.tar.xz netdata-836b47cb7e99a977c5a23b059ca1d0b5065d310e.zip |
Merging upstream version 1.46.3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'integrations/cloud-authentication')
-rw-r--r-- | integrations/cloud-authentication/integrations/oidc.md | 64 | ||||
-rw-r--r-- | integrations/cloud-authentication/integrations/okta_sso.md | 55 | ||||
-rw-r--r-- | integrations/cloud-authentication/metadata.yaml | 105 |
3 files changed, 224 insertions, 0 deletions
diff --git a/integrations/cloud-authentication/integrations/oidc.md b/integrations/cloud-authentication/integrations/oidc.md new file mode 100644 index 000000000..a9be92126 --- /dev/null +++ b/integrations/cloud-authentication/integrations/oidc.md 
@@ -0,0 +1,64 @@ +<!--startmeta +custom_edit_url: "https://github.com/netdata/netdata/edit/master/integrations/cloud-authentication/integrations/oidc.md" +meta_yaml: "https://github.com/netdata/netdata/edit/master/integrations/cloud-authentication/metadata.yaml" +sidebar_label: "OIDC" +learn_status: "Published" +learn_rel_path: "Netdata Cloud/Authentication & Authorization/Cloud Authentication & Authorization Integrations" +message: "DO NOT EDIT THIS FILE DIRECTLY, IT IS GENERATED BY THE AUTHENTICATION'S metadata.yaml FILE" +endmeta--> + +# OIDC + + +<img src="https://netdata.cloud/img/openid.svg" width="150"/> + + +Integrate your organization's Authorization Servers with Netdata to better manage your team's access controls to Netdata Cloud. + + +<img src="https://img.shields.io/badge/maintained%20by-Netdata-%2300ab44" /> + +## Setup + +### Prerequisites +- Authorization Server with OIDC protocol supported +- A Netdata Cloud account +- Access to the Space as an **Admin** +- Space needs to be on a paid plan + +### Setting up Authorization Server +Your server should follow the [full specification for OIDC](https://openid.net/specs/openid-connect-core-1_0.html). +In order to integrate your Authorization Server with Netdata the creation of a client is required. Clients are applications and services that can request authentication of a user. +The access settings for your client are the following: + +| field | value | +| :-- | :-- | +| Root URL | `https://app.netdata.cloud/`` | +| Home/Initiate login URL | `https://app.netdata.cloud/api/v2/auth/account/auth-server?iss={your-server-issuer-url}&redirect_uri=https://app.netdata.cloud/sign-in®ister_uri=https://app.netdata.cloud/sign-up/verify` | +| Redirect URL | `https://app.netdata.cloud/api/v2/auth/account/auth-server/callback` | + +### Netdata Configuration Steps +1. Click on the Space settings cog (located above your profile icon) +2. Click on the **Authentication** tab +3. On the OIDC card, click on **Configure** +4. 
Fill in the required credentials: + - **Issuer URL** the Authorization Server Issuer URL, e.g. `https://my-auth-server.com/` + - **Client ID** the Client ID from the created client + - **Client Secret** the Client Secret from the created client + - **Authorization URL** the Authorization Server authorization URL, e.g. `https://my-auth-server.com/openid-connect/auth` + - **Token URL** the Authorization Server token URL, e.g. `https://my-auth-server.com/openid-connect/token` + - **User URL** the Authorization Server user info URL, e.g. `https://my-auth-server.com/openid-connect/userinfo` + +### Supported features +* SP-initiated SSO (Single Sign-On) +* IdP-initiated SSO + +### SP-initiated SSO + +If you start your authentication flow from Netdata sign-in page please check [these steps](/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md#from-netdata-sign-up-page). + + +### Reference +https://openid.net/developers/how-connect-works/ + + diff --git a/integrations/cloud-authentication/integrations/okta_sso.md b/integrations/cloud-authentication/integrations/okta_sso.md new file mode 100644 index 000000000..aeadec46a --- /dev/null +++ b/integrations/cloud-authentication/integrations/okta_sso.md 
@@ -0,0 +1,55 @@ +<!--startmeta +custom_edit_url: "https://github.com/netdata/netdata/edit/master/integrations/cloud-authentication/integrations/okta_sso.md" +meta_yaml: "https://github.com/netdata/netdata/edit/master/integrations/cloud-authentication/metadata.yaml" +sidebar_label: "Okta SSO" +learn_status: "Published" +learn_rel_path: "Netdata Cloud/Authentication & Authorization/Cloud Authentication & Authorization Integrations" +message: "DO NOT EDIT THIS FILE DIRECTLY, IT IS GENERATED BY THE AUTHENTICATION'S metadata.yaml FILE" +endmeta--> + +# Okta SSO + + +<img src="https://netdata.cloud/img/okta.png" width="150"/> + + +Integrate your organization's Okta account with Netdata to better manage your team's access controls to Netdata Cloud. + + +<img src="https://img.shields.io/badge/maintained%20by-Netdata-%2300ab44" /> + +## Setup + +### Prerequisites +- An Okta account +- A Netdata Cloud account +- Access to the Space as an **Admin** +- Space needs to be on a paid plan + +### Setting up Okta +Steps needed to be done on Okta Admin Portal: +1. Click on **Applications** tab and choose to **Browse App Catalogue** +2. Find Netdata's preconfigured app for easy setup and click **Add Integration** +3. Give the app, that will be in your apps dashboard, the preferred **Application label** and click **Next** to move to the Sign-On options tab +4. In the **Sign-On Options** all the values we expect are already filled and no additional data is required +5. Click **Done**. You are able to go back and edit any fields later if need be +6. Go to the **Assignments** tab and enter the People or Group assignments as per your organization’s policies + +### Netdata Configuration Steps +1. Click on the Space settings cog (located above your profile icon) +2. Click on the **Authentication** tab +3. On the Okta SSO card, click on **Configure** +4. 
Fill in the [required credentials](https://developer.okta.com/docs/guides/find-your-app-credentials/main/), you get them from **Okta Admin Portal**: + - **Issuer URL** you can get it from your profile icon on top, e.g. `https://company-name.okta.com` + - **Client ID** you can get it from **General** tab on application you configured on Okta + - **Client Secret** you can get it from **General** tab on application you configured on Okta + +### Supported features +* SP-initiated SSO (Single Sign-On) +* IdP-initiated SSO + +### SP-initiated SSO + +If you start your authentication flow from Netdata sign-in page please check [these steps](/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md#from-netdata-sign-up-page). + + diff --git a/integrations/cloud-authentication/metadata.yaml b/integrations/cloud-authentication/metadata.yaml new file mode 100644 index 000000000..8f461845b --- /dev/null +++ b/integrations/cloud-authentication/metadata.yaml 
@@ -0,0 +1,105 @@ +# yamllint disable rule:line-length +--- +- id: 'okta-authentication' + meta: + name: 'Okta SSO' + link: 'https://netdata.cloud' + categories: + - auth + icon_filename: 'okta.png' + keywords: + - sso + - okta + - okta-sso + overview: + authentication_description: "Integrate your organization's Okta account with Netdata to better manage your team's access controls to Netdata Cloud." + authentication_limitations: '' + setup: + description: | + ### Prerequisites + - An Okta account + - A Netdata Cloud account + - Access to the Space as an **Admin** + - Space needs to be on a paid plan + + ### Setting up Okta + Steps needed to be done on Okta Admin Portal: + 1. Click on **Applications** tab and choose to **Browse App Catalogue** + 2. Find Netdata's preconfigured app for easy setup and click **Add Integration** + 3. Give the app, that will be in your apps dashboard, the preferred **Application label** and click **Next** to move to the Sign-On options tab + 4. In the **Sign-On Options** all the values we expect are already filled and no additional data is required + 5. Click **Done**. You are able to go back and edit any fields later if need be + 6. Go to the **Assignments** tab and enter the People or Group assignments as per your organization’s policies + + ### Netdata Configuration Steps + 1. Click on the Space settings cog (located above your profile icon) + 2. Click on the **Authentication** tab + 3. On the Okta SSO card, click on **Configure** + 4. Fill in the [required credentials](https://developer.okta.com/docs/guides/find-your-app-credentials/main/), you get them from **Okta Admin Portal**: + - **Issuer URL** you can get it from your profile icon on top, e.g. 
`https://company-name.okta.com` + - **Client ID** you can get it from **General** tab on application you configured on Okta + - **Client Secret** you can get it from **General** tab on application you configured on Okta + + ### Supported features + * SP-initiated SSO (Single Sign-On) + * IdP-initiated SSO + + ### SP-initiated SSO + + If you start your authentication flow from Netdata sign-in page please check [these steps](/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md#from-netdata-sign-up-page). + +- id: 'oidc-authentication' + meta: + name: 'OIDC' + link: 'https://netdata.cloud' + categories: + - auth + icon_filename: 'openid.svg' + keywords: + - sso + - oidc + overview: + authentication_description: "Integrate your organization's Authorization Servers with Netdata to better manage your team's access controls to Netdata Cloud." + authentication_limitations: '' + setup: + description: | + ### Prerequisites + - Authorization Server with OIDC protocol supported + - A Netdata Cloud account + - Access to the Space as an **Admin** + - Space needs to be on a paid plan + + ### Setting up Authorization Server + Your server should follow the [full specification for OIDC](https://openid.net/specs/openid-connect-core-1_0.html). + In order to integrate your Authorization Server with Netdata the creation of a client is required. Clients are applications and services that can request authentication of a user. + The access settings for your client are the following: + + | field | value | + | :-- | :-- | + | Root URL | `https://app.netdata.cloud/`` | + | Home/Initiate login URL | `https://app.netdata.cloud/api/v2/auth/account/auth-server?iss={your-server-issuer-url}&redirect_uri=https://app.netdata.cloud/sign-in®ister_uri=https://app.netdata.cloud/sign-up/verify` | + | Redirect URL | `https://app.netdata.cloud/api/v2/auth/account/auth-server/callback` | + + ### Netdata Configuration Steps + 1. 
Click on the Space settings cog (located above your profile icon) + 2. Click on the **Authentication** tab + 3. On the OIDC card, click on **Configure** + 4. Fill in the required credentials: + - **Issuer URL** the Authorization Server Issuer URL, e.g. `https://my-auth-server.com/` + - **Client ID** the Client ID from the created client + - **Client Secret** the Client Secret from the created client + - **Authorization URL** the Authorization Server authorization URL, e.g. `https://my-auth-server.com/openid-connect/auth` + - **Token URL** the Authorization Server token URL, e.g. `https://my-auth-server.com/openid-connect/token` + - **User URL** the Authorization Server user info URL, e.g. `https://my-auth-server.com/openid-connect/userinfo` + + ### Supported features + * SP-initiated SSO (Single Sign-On) + * IdP-initiated SSO + + ### SP-initiated SSO + + If you start your authentication flow from Netdata sign-in page please check [these steps](/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md#from-netdata-sign-up-page). + + + ### Reference + https://openid.net/developers/how-connect-works/ |
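Review bot: In integrations/cloud-authentication/integrations/oidc.md, the "Home/Initiate login URL" row of the client settings table reads `sign-in®ister_uri=`, which looks like `&register_uri=` with `&reg` converted to an entity; an admin who copies that value into the Authorization Server gets a login URL without a usable `register_uri` parameter. Please confirm the file carries a literal `&register_uri=`. The same value passes `redirect_uri` and `register_uri` as raw nested URLs inside the query string, so consider percent-encoding them, or state that they must be entered exactly as shown, so the parameter boundaries are unambiguous.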
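Review bot: In integrations/cloud-authentication/integrations/okta_sso.md, "Supported features" lists "IdP-initiated SSO", but the only flow section that follows is "SP-initiated SSO", so nothing tells an admin how the IdP-initiated flow is started or what it depends on. Either add a short IdP-initiated section or drop the bullet. In the SP-initiated paragraph the text says "Netdata sign-in page" while the link anchor is `#from-netdata-sign-up-page`; one of the two should change so the link lands where the sentence says it does. Both points apply equally to the same sections in oidc.md.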
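Review bot: In integrations/cloud-authentication/metadata.yaml, the "Root URL" row of the `oidc-authentication` setup description closes its value with two backticks after `https://app.netdata.cloud/`, which leaves an unbalanced code span in the table and risks the stray backtick being copied into the client configuration. Both generated .md files in this commit carry the "DO NOT EDIT THIS FILE DIRECTLY" header pointing at this file, so the correction belongs here, followed by a regeneration. Separately, `authentication_limitations` is an empty string for both entries while the "Space needs to be on a paid plan" requirement sits only under Prerequisites; if that field is meant to surface such constraints, it should be filled in.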