The most common misunderstanding that our users have when configuring
SSO (specifically Okta, since it refers to the value by a different
name) is what to put in this Entity ID field. If it doesn't match the
IdP's version, SSO will fail.
We were also directing users to retrieve an issuer URI, which would
presumably be used as the Entity ID. The problem is, the rest of our
docs don't state that, and instead tell users to use a simple value such
as `fleet`.
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Replacing an old screenshot for SSO-Setup that removes the `issuer URI`
field that is no longer needed nor available in Fleet
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Fleet shipped email 2FA. User story is here (#22078)
- Add best practice to guides:
  - Email 2FA for "break-glass" user
  - SSO for all other users
- Update pricing page to link to feature request instead of the user
story.
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
This PR is a follow-up to https://github.com/fleetdm/fleet/issues/16660
to:
- Move all (non-recommended) deployment guides from the docs into
`/articles` under the `guides` category
  - AWS ECS
  - CentOS
  - Cloud.gov
  - AWS with Terraform
  - Hetzner Cloud
  - Render
  - Kubernetes
- Set up redirects for migrated articles
- Add article thumbnail and cover images
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Eric <eashaw@sailsjs.com>
This is the last of three PRs to migrate the deployment guides into the
docs.
Changes:
- Moved content from `/articles/deploying-fleet-on-hetzner-cloud.md` to
`/docs/deploy-on-hetzner-cloud.md`.
- Removed `/articles/deploy-fleet-on-hetzner-cloud.md`.
- Moved images from the guide to `/docs/images` and renamed.
- Deleted redundant images and article cover image.
- Set up a redirect `/deploy/deploying-fleet-on-hetzner-cloud` =>
`/docs/deploy/deploy-on-hetzner-cloud`.
- Set up a redirect `/deploy` => `/docs/deploy` to redirect "Deployment
guides" in the main nav to the docs.
- Updated display names (in the docs nav) for existing deployment guides
in the docs to match the naming convention (E.g., "Deploy Fleet on
CentOS" => "CentOS")
- Removed the deployment guides article category from the blog.
# Checklist for submitter
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
These docs address 5 out of 7 requirements in the "Docs for MDM
migration" issue here: #9009
Docs also add an "Instructions for end users" section to address docs
for "Manual enrollment" issue:
https://github.com/fleetdm/fleet/issues/7957#issuecomment-1416262879
- Add instructions for IT admins on how to switch MDM solutions for
hosts manually enrolled to the old MDM solution
- Add instructions for IT admins on how to switch MDM solutions for
hosts automatically enrolled (DEP) to the old MDM solution
- Add information for IT admins about how Fleet treats Activation Lock
Bypass codes
- Add instructions for end users on how to switch MDM solutions for
hosts manually and automatically enrolled to the old MDM solution (same
instructions)
* update sso image
* clarify how to find Okta information
* moving comment about user creation since it applies to all IdP configurations
* change url image link to default link
Co-authored-by: Kelvin Oghenerhoro Omereshone <kelvin@fleetdm.com>
* docs: add new manage-packs.png
* feat: add new team-agent-options.png
* feat: add new global-agent-options.png
* docs: update screenshots and docs context
* chore: delete stale screenshots
* feat: update screenshot to recommended preset size
* chore: remove editor new line
* feat: update new line
* added cropped images to replace images in configuration.md, fixed duplicated alt text, added box-shadow to images
* more cropping
* reduce padding on ordered lists, point urls in markdown to where images will be
* Update 02-Configuration.md
* Update build-static-content.js
* remove box-shadow on images
* Update 02-Configuration.md
* Added handbook entry about images
* changed img tags to markdown links to be consistent
* undo small style change
* Update build-static-content.js
* Update handbook/product.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
- Add "Configuring agent options" section to `/1-Using-Fleet/1-Fleet-UI.md`
- Add 2 screenshots: 1. Global agent options form 2. Team agent options form
- Add 2 sections in `CONTRIBUTING.md`. These 2 sections correspond to the "Bug report" and "Report a security vulnerability" issue templates
- Add "Is this an issue with the Fleet UI" to "Bug report" section in `CONTRIBUTING.md`. This includes a walkthrough for opening the browser's JS console and network requests
- Fix misspelled file name
Closes issue #1456. This PR adds a single sign on option to the login form, exposes single sign on to the end user, and allows an admin user to set single sign on configuration options.