path: root/integrations/cloud-authentication
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-08-26 08:15:24 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-08-26 08:15:35 +0000
commit: f09848204fa5283d21ea43e262ee41aa578e1808 (patch)
tree: c62385d7adf209fa6a798635954d887f718fb3fb /integrations/cloud-authentication
parent: Releasing debian version 1.46.3-2. (diff)
Merging upstream version 1.47.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'integrations/cloud-authentication')
-rw-r--r--  integrations/cloud-authentication/integrations/oidc.md      2
-rw-r--r--  integrations/cloud-authentication/integrations/okta_sso.md  2
-rw-r--r--  integrations/cloud-authentication/integrations/scim.md      76
-rw-r--r--  integrations/cloud-authentication/metadata.yaml             72
4 files changed, 148 insertions, 4 deletions
diff --git a/integrations/cloud-authentication/integrations/oidc.md b/integrations/cloud-authentication/integrations/oidc.md
index a9be92126..22731da26 100644
--- a/integrations/cloud-authentication/integrations/oidc.md
+++ b/integrations/cloud-authentication/integrations/oidc.md
@@ -39,7 +39,7 @@ The access settings for your client are the following:
### Netdata Configuration Steps
1. Click on the Space settings cog (located above your profile icon)
-2. Click on the **Authentication** tab
+2. Click on the **User Management** section and access **Authentication and Authorization** tab.
3. On the OIDC card, click on **Configure**
4. Fill in the required credentials:
- **Issuer URL** the Authorization Server Issuer URL, e.g. `https://my-auth-server.com/`
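Review bot: The replacement step 2 is inconsistent with the steps around it: it drops the article before the tab name ("access **Authentication and Authorization** tab") and ends with a period, while steps 1 and 3 in the same list have none. Suggest "Click on the **User Management** section and open the **Authentication and Authorization** tab", with punctuation matching the neighbouring steps. The same sentence is added to okta_sso.md and to both entries in metadata.yaml in this patch, so the wording should be fixed in all of them together.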
diff --git a/integrations/cloud-authentication/integrations/okta_sso.md b/integrations/cloud-authentication/integrations/okta_sso.md
index aeadec46a..2e9593f4f 100644
--- a/integrations/cloud-authentication/integrations/okta_sso.md
+++ b/integrations/cloud-authentication/integrations/okta_sso.md
@@ -37,7 +37,7 @@ Steps needed to be done on Okta Admin Portal:
### Netdata Configuration Steps
1. Click on the Space settings cog (located above your profile icon)
-2. Click on the **Authentication** tab
+2. Click on the **User Management** section and access **Authentication and Authorization** tab.
3. On the Okta SSO card, click on **Configure**
4. Fill in the [required credentials](https://developer.okta.com/docs/guides/find-your-app-credentials/main/), you get them from **Okta Admin Portal**:
- **Issuer URL** you can get it from your profile icon on top, e.g. `https://company-name.okta.com`
diff --git a/integrations/cloud-authentication/integrations/scim.md b/integrations/cloud-authentication/integrations/scim.md
new file mode 100644
index 000000000..d759a8a9a
--- /dev/null
+++ b/integrations/cloud-authentication/integrations/scim.md
@@ -0,0 +1,76 @@
+<!--startmeta
+custom_edit_url: "https://github.com/netdata/netdata/edit/master/integrations/cloud-authentication/integrations/scim.md"
+meta_yaml: "https://github.com/netdata/netdata/edit/master/integrations/cloud-authentication/metadata.yaml"
+sidebar_label: "SCIM"
+learn_status: "Published"
+learn_rel_path: "Netdata Cloud/Authentication & Authorization/Cloud Authentication & Authorization Integrations"
+message: "DO NOT EDIT THIS FILE DIRECTLY, IT IS GENERATED BY THE AUTHENTICATION'S metadata.yaml FILE"
+endmeta-->
+
+# SCIM
+
+
+<img src="https://netdata.cloud/img/scim.svg" width="150"/>
+
+
+The System for Cross-domain Identity Management (SCIM) specification is designed to simplify the management of user identities in cloud-based applications and services.
+
+
+<img src="https://img.shields.io/badge/maintained%20by-Netdata-%2300ab44" />
+
+## Setup
+
+### Prerequisites
+- A Netdata Cloud account
+- Admin access to the Space
+- The Space must be on a paid plan
+- OIDC/SSO integration must already be enabled in one of your Spaces
+
+### Netdata Configuration Steps
+1. Click on the Space settings cog (located above your profile icon).
+2. Click on the **User Management** section and access **Authentication and Authorization** tab.
+3. In the SCIM card, click on **Activate**.
+4. Depending on your situation:
+ - If OIDC/SSO integration is already enabled in your Space, click **Activate**.
+ - If you already have a SCIM integration in another Space and want to create a linked integration here, enter the SCIM token from the original integration and click **Activate**.
+5. If the setup is successful, you will receive two parameters:
+ - **Base URL**: Use this URL as the base URL for your SCIM client.
+ - **Token**: Use this token for Bearer Authentication with your SCIM client.
+
+### Rotating the SCIM Token
+You can rotate the token provided during SCIM integration setup if needed.
+
+Steps to rotate the token:
+1. Click on the Space settings cog (located above your profile icon).
+2. Click on the **User Management** section and access **Authentication and Authorization** tab.
+3. In the already configured SCIM card, click **Configure**.
+4. Click **Regenerate Token**.
+5. If successful, you will receive a new token for Bearer Authentication with your SCIM client.
+
+### Supported Features
+This integration adheres to SCIM v2 specifications. Supported features include:
+
+- User Resource Management (urn:ietf:params:scim:schemas:core:2.0:User)
+- Patch operations: Supported
+- Bulk operations: Not supported
+- Filtering: Supported (max results: 200)
+- Password synchronization: Not supported, as we rely on SSO/OIDC authentication
+- eTag: Not supported
+- Authentication schemes: OAuth Bearer Token
+
+### User Keying Between SCIM and OIDC
+Our SCIM (System for Cross-domain Identity Management) integration utilizes OIDC (OpenID Connect) to authenticate users.
+To ensure users are correctly identified and authenticated between SCIM and OIDC, we use the following mapping:
+
+- SCIM externalID ↔ OIDC sub
+
+This mapping ensures that the identity of users remains consistent and secure across both systems.
+
+**Important**: Ensure that your OIDC and SCIM systems follow this mapping strictly.
+The externalID in SCIM must correspond to the subfield in OIDC. Any deviation from this mapping may result
+in incorrect user identification and authentication failures.
+
+### Reference
+[SCIM Specification](https://scim.org)
+
+
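Review bot: The **Important** paragraph under "User Keying Between SCIM and OIDC" says the externalID "must correspond to the subfield in OIDC", which reads as a generic sub-field rather than the OIDC `sub` claim named in the mapping bullet just above it. Since this mapping decides which provisioned user an authenticated session is bound to, it should be unambiguous: write "the `sub` claim", and spell the SCIM attribute `externalId` as RFC 7643 does. Two smaller points in the same file: steps 3 and 4 of "Netdata Configuration Steps" both tell the reader to click **Activate**, so it is unclear whether that is one click or two, and the Prerequisites line asks for OIDC/SSO "in one of your Spaces" while step 4 speaks of "your Space". The header comment marks this file as generated from metadata.yaml, so the corrections belong there.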
diff --git a/integrations/cloud-authentication/metadata.yaml b/integrations/cloud-authentication/metadata.yaml
index 8f461845b..72f5a5fe1 100644
--- a/integrations/cloud-authentication/metadata.yaml
+++ b/integrations/cloud-authentication/metadata.yaml
@@ -33,7 +33,7 @@
### Netdata Configuration Steps
1. Click on the Space settings cog (located above your profile icon)
- 2. Click on the **Authentication** tab
+ 2. Click on the **User Management** section and access **Authentication and Authorization** tab.
3. On the Okta SSO card, click on **Configure**
4. Fill in the [required credentials](https://developer.okta.com/docs/guides/find-your-app-credentials/main/), you get them from **Okta Admin Portal**:
- **Issuer URL** you can get it from your profile icon on top, e.g. `https://company-name.okta.com`
@@ -82,7 +82,7 @@
### Netdata Configuration Steps
1. Click on the Space settings cog (located above your profile icon)
- 2. Click on the **Authentication** tab
+ 2. Click on the **User Management** section and access **Authentication and Authorization** tab.
3. On the OIDC card, click on **Configure**
4. Fill in the required credentials:
- **Issuer URL** the Authorization Server Issuer URL, e.g. `https://my-auth-server.com/`
@@ -103,3 +103,71 @@
### Reference
https://openid.net/developers/how-connect-works/
+
+- id: 'scim'
+ meta:
+ name: 'SCIM'
+ link: 'https://netdata.cloud'
+ categories:
+ - auth
+ icon_filename: 'scim.svg'
+ keywords:
+ - scim
+ - identity-management
+ overview:
+ authentication_description: "The System for Cross-domain Identity Management (SCIM) specification is designed to simplify the management of user identities in cloud-based applications and services."
+ authentication_limitations: ''
+ setup:
+ description: |
+ ### Prerequisites
+ - A Netdata Cloud account
+ - Admin access to the Space
+ - The Space must be on a paid plan
+ - OIDC/SSO integration must already be enabled in one of your Spaces
+
+ ### Netdata Configuration Steps
+ 1. Click on the Space settings cog (located above your profile icon).
+ 2. Click on the **User Management** section and access **Authentication and Authorization** tab.
+ 3. In the SCIM card, click on **Activate**.
+ 4. Depending on your situation:
+ - If OIDC/SSO integration is already enabled in your Space, click **Activate**.
+ - If you already have a SCIM integration in another Space and want to create a linked integration here, enter the SCIM token from the original integration and click **Activate**.
+ 5. If the setup is successful, you will receive two parameters:
+ - **Base URL**: Use this URL as the base URL for your SCIM client.
+ - **Token**: Use this token for Bearer Authentication with your SCIM client.
+
+ ### Rotating the SCIM Token
+ You can rotate the token provided during SCIM integration setup if needed.
+
+ Steps to rotate the token:
+ 1. Click on the Space settings cog (located above your profile icon).
+ 2. Click on the **User Management** section and access **Authentication and Authorization** tab.
+ 3. In the already configured SCIM card, click **Configure**.
+ 4. Click **Regenerate Token**.
+ 5. If successful, you will receive a new token for Bearer Authentication with your SCIM client.
+
+ ### Supported Features
+ This integration adheres to SCIM v2 specifications. Supported features include:
+
+ - User Resource Management (urn:ietf:params:scim:schemas:core:2.0:User)
+ - Patch operations: Supported
+ - Bulk operations: Not supported
+ - Filtering: Supported (max results: 200)
+ - Password synchronization: Not supported, as we rely on SSO/OIDC authentication
+ - eTag: Not supported
+ - Authentication schemes: OAuth Bearer Token
+
+ ### User Keying Between SCIM and OIDC
+ Our SCIM (System for Cross-domain Identity Management) integration utilizes OIDC (OpenID Connect) to authenticate users.
+ To ensure users are correctly identified and authenticated between SCIM and OIDC, we use the following mapping:
+
+ - SCIM externalID ↔ OIDC sub
+
+ This mapping ensures that the identity of users remains consistent and secure across both systems.
+
+ **Important**: Ensure that your OIDC and SCIM systems follow this mapping strictly.
+ The externalID in SCIM must correspond to the subfield in OIDC. Any deviation from this mapping may result
+ in incorrect user identification and authentication failures.
+
+ ### Reference
+ [SCIM Specification](https://scim.org)
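Review bot: `authentication_limitations` is left as an empty string in the new `scim` entry, although the setup text beneath it lists real limits (Bulk operations, eTag and password synchronization not supported; filtering capped at 200 results; paid plan required). Suggest moving those into `authentication_limitations` so that they are not buried under "Supported Features". The "Rotating the SCIM Token" section also needs one more sentence: it does not say whether **Regenerate Token** invalidates the previous token immediately, nor what happens to a linked integration in another Space that was activated with the original token, as described in step 4. Anyone rotating after a suspected token leak needs to know both. Lastly, `link: 'https://netdata.cloud'` points at the product home page rather than at anything about SCIM.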