Enterprise SSO (SAML) documentation #3019

shaunmulligan · 2024-07-03T19:06:50Z

Draft of SSO/SAML docs, still needs:

Updated screenshots
Check wording on "Merge Account" naming.

pages/learn/accounts/enterprise-sso.md

vipulgupta2048 · 2024-07-08T11:06:58Z

pages/learn/accounts/enterprise-sso.md

+
+### Setting up a new SAML user
+
+To log in using your enterprise SAML authentication, you must first have or [create](https://dashboard.balena-cloud.com/signup) a standard balenaCloud account using your company email address. Once logged in to this account, navigate to your [user preferences](https://dashboard.balena-cloud.com/preferences/details) and click "Merge Account".


Suggested change

To log in using your enterprise SAML authentication, you must first have or [create](https://dashboard.balena-cloud.com/signup) a standard balenaCloud account using your company email address. Once logged in to this account, navigate to your [user preferences](https://dashboard.balena-cloud.com/preferences/details) and click "Merge Account".

To log in using your enterprise SAML authentication, you must first have an existing balenaCloud account using your company email address. If you don't have an account, you can [create a new balenaCloud account](https://dashboard.balena-cloud.com/signup). Once logged in, navigate to [user preferences](https://dashboard.balena-cloud.com/preferences/details) from the top right profile icon in the dashboard header and click "Merge Account".

vipulgupta2048 · 2024-07-08T11:10:06Z

pages/learn/accounts/enterprise-sso.md

+* Data and Privacy: Your personal data associated with the account will be transferred to the company. The company will be responsible for the protection and use of your data in accordance with the existing privacy policy.
+* Consent: By proceeding with this transfer, you confirm that you have the authority to transfer the account to the company and that you consent to the changes outlined above.
+
+By clicking the "Merge account" button, you agree to the above terms. If you have any questions or concerns, please contact our support team before completing the transfer.


Suggested change

By clicking the "Merge account" button, you agree to the above terms. If you have any questions or concerns, please contact our support team before completing the transfer.

By clicking the "Merge account" button, you agree to the above terms. For any queries or questions, contact our [support team](https://balena.io/support) before completing the transfer.

pages/learn/accounts/enterprise-sso.md

vipulgupta2048 · 2024-07-08T11:17:42Z

pages/learn/accounts/enterprise-sso.md

+
+<!-- NOTE: we link to this FAQ in the dashboard -->
+#### How do I delete a SAML account?
+To delete a SAML account, you must use the `sdk`. This is only necessary if you are looking to [delete your Idp](#how-do-i-delete-an-identity-provider-in-balenacloud). Removing the user from your IdP will block their balenaCloud access. If you really want to delete your SAML users, execute the following command: 


Only admins would be able to run this and actually delete. Better to mention that.

Suggested change

To delete a SAML account, you must use the `sdk`. This is only necessary if you are looking to [delete your Idp](#how-do-i-delete-an-identity-provider-in-balenacloud). Removing the user from your IdP will block their balenaCloud access. If you really want to delete your SAML users, execute the following command:

To delete a SAML account, you must use the [balenaSDK](https://docs.balena.io/reference/sdk/node-sdk/). This is only necessary if you are looking to [delete your Idp](#how-do-i-delete-an-identity-provider-in-balenacloud). Removing the user from your IdP will block their balenaCloud access. If you really want to delete your SAML users, execute the following command:

otaviojacobi · 2024-07-08T11:50:48Z

We also probably want to update the guides screenshots on google/microsoft to show a balena-cloud.com url rather balena-staging.com

otaviojacobi · 2024-07-10T11:07:58Z

pages/learn/accounts/enterprise-sso.md

+<!-- TODO: Update to latest screenshot -->
+<img alt="Enable SSO modal with SSO identifier filled in." src="/img/common/saml/add-sso-identifier-merge-modal.png" width="60%">
+
+__Important:__ By activating SAML, you are transferring your personal account to a company account. The following changes will occur:


We should probably add a comment mentioning that this is non (at least trivially) roll back, e.g. once a user becomes saml managed it can't be easily undone (it will require intervention from us)

otaviojacobi · 2024-07-10T11:09:52Z

pages/learn/accounts/enterprise-sso.md

+
+<!-- NOTE: we link to this FAQ in the dashboard -->
+#### How do I delete a SAML account?
+To delete a SAML account, you must use the `sdk`. This is only necessary if you are looking to [delete your Idp](#how-do-i-delete-an-identity-provider-in-balenacloud). Removing the user from your IdP will block their balenaCloud access. 


I think we can maybe put the Removing the user from your IdP will block their balenaCloud access. in bold. and also mention that this blocks users from login in but their current session (that can be up to 12h long) will still remain valid for this 12hours.

otaviojacobi · 2024-07-10T11:11:06Z

pages/learn/accounts/enterprise-sso.md

+
+## Link a SAML Identity Provider
+
+To enable Single Sign-On (SSO) for balenaCloud organizations, you must establish a connection with your external Identity Provider (IdP). This process assumes that you have already configured a [SAML 2.0 IdP and possess an XML certificate][ms-saml] ready for upload.


I think we need to make a little bit more clear that we support all SAML 2.0 Identity providers, we just showed the examples of how to do with MS/and google workspace as they are more common but any SAML 2.0 IdP is supported (okta, etc)

Change-type: minor

Co-authored-by: Vipul Gupta <[email protected]>

vipulgupta2048 · 2024-07-10T11:50:27Z