docs: document SSO-first tenant setup and clarify the SSO order of operations#3145
Open
GregorShear wants to merge 1 commit into
Open
docs: document SSO-first tenant setup and clarify the SSO order of operations#3145GregorShear wants to merge 1 commit into
GregorShear wants to merge 1 commit into
Conversation
…erations The SSO setup docs implied a tenant should exist before SSO is configured, and glossed over the step where support associates the registered SSO provider with the tenant. Both orderings work: the onboarding flow is auth-method-blind, so a customer can have their IdP registered first, sign in via SSO with no prior social login, and create their tenant as their first action. Document both paths explicitly: - Starting fresh with SSO: register IdP with support, sign in via SSO, create tenant, then tell support the tenant name so the provider can be linked (enables SSO-routed invites and enforcement) - Adding SSO to an existing tenant: include the tenant name in the support request; permissions transfer automatically on first SSO login - Requiring SSO: note that enforcement (blocking social login for the domain) is available on request Prompted by https://estuaryworkspace.slack.com/archives/C08LJ60MDBQ/p1783484896672929
|
🚀 Preview deployed to https://docs.estuary.dev/pr-preview/pr-3145/ 📄 Changed pages: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The SSO setup docs implied a tenant should exist before SSO is configured, and skipped the step where support associates the registered SSO provider with the tenant — the step that's easy to miss and that enables SSO-routed invite links and SSO enforcement.
Both orderings work today. Tenant onboarding makes no assumptions about how the user authenticated, so a customer who doesn't want to start with a social login can have support register their IdP first, sign in via SSO as their very first interaction, and create their tenant from there.
This documents the order of operations for both paths:
Context: Slack thread