The most common misunderstanding that our users have when configuring
SSO (specifically Okta, since it refers to the value by a different
name) is what to put in this Entity ID field. If it doesn't match the
IdP's version, SSO will fail.
We were also directing users to retrieve an issuer URI, which would
presumably be used as the Entity ID. The problem is, the rest of our
docs don't state that, and instead tell users to use a simple value such
as `fleet`.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42440
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Enabled renewing and deleting Apple Business Manager (AB) tokens in
the UI when running in GitOps mode.
* Apple Business Manager table actions now adapt to GitOps mode: some
actions are disabled and contextual tooltips explain unavailable options
(including repository-linked guidance when applicable).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43977
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [ ] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
- Repro'd issue on main
- Verified on this branch that dirtying the form and then focusing
elsewhere / refocusing on page doesn't lose changes.
For unreleased bug fixes in a release candidate, one of:
- [X] Confirmed that the fix is not expected to adversely impact load
test results
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Bug Fixes
* Fixed an issue where the Change Management form would reset upon
losing and regaining page focus.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#41676
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [ x] Added/updated automated tests
- [x ] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Apple MDM APNS certificate signing now shows a clear, domain-specific
error when an unsupported email domain is supplied (applies to CSR
requests and renewal flows), replacing the previous generic "invalid
email" message.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Reduces h2 `font-size` from `$medium` (1.25rem / 20px) to `$small`
(1rem / 16px) across 6 component stylesheets in the Fleet UI frontend.
- set side-nav__container to `align-items` `flex-start` so it's
consistent in **Controls** and **Admin** pages with same layout.
## QA
- Verify h2 headings render at 16px (1rem) across the affected pages:
- Section headers (global component)
- Host query report table
- Device user "Setting up your device" page
- Windows automatic enrollment settings page
- Software vulnerability details page
- Software title details edit icon modal
---
Built for
[Mel](https://fleetdm.slack.com/archives/D0AKX7DJFCN/p1775487801759869)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
---------
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: melpike <melpike.dev@gmail.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42765
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Style
* Enhanced the responsive design of the Identity Provider section by
updating the "learn more" link to dynamically size based on its content
rather than maintaining a fixed width constraint, improving flexibility
and visual consistency across different contexts.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Missed a few AMB UI instances as part of [Rename Apple Business Manager
(ABM) to Apple Business (AB) in
UI](https://github.com/fleetdm/fleet/issues/42512)
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:**
https://github.com/fleetdm/fleet/issues/42512#issuecomment-4238323552
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated user-facing text and messaging across Apple Business Manager
integration pages, including modal titles, instructional content, and
setup guides
* Refined terminology, formatting, and punctuation throughout tooltip
content, administrative configuration descriptions, and user guidance
* Adjusted messaging and instructional text in Apple Business Manager
and VPP settings pages
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Issue
- First batch of @iansltx 's work of cleaning up lint warnings #43387
## Description
- Quick PR review and grabbed as many confirmed low-risk quick wins as I
could `git checkout lint-cleanup <file/path/1> <file/path/2>`
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
This release contains internal code improvements with one minor UI
tweak:
* **Style**
* Dropdown menu background color adjusted for clearer contrast in action
lists
* **Refactor**
* Improved type safety across the codebase with stricter TypeScript
annotations
* Removed unused imports and constants to reduce code clutter
* Enhanced React hook dependency arrays for more consistent component
behavior
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Rachel Perkins <rachel@Rachels-MacBook-Pro.local>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Zed + Opus 4.6; prompt: Convert the InputField JSX component to
TypeScript and remove the ts-ignore directives that we no longer need
after doing so.
- [x] Changes file added
- [x] Automated tests updated
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42512
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Resolves#40164
Manually verified:
<img width="785" height="187" alt="image"
src="https://github.com/user-attachments/assets/c2b91fd4-3592-4760-8241-c33a89e162c0"
/>
Adds a "Learn more" link to the [End-user
Authentication](https://fleetdm.com/guides/setup-experience#end-user-authentication)
documentation on the `/settings/integrations/sso/end-users` page, making
it easier for customers to reference docs while configuring SSO
settings.
- **`EndUserAuthSection.tsx`**: Appended a `Learn more` anchor (opens in
new tab) after the description text in the end-user auth settings card.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a "Learn more" link in the end user authentication setup
section, providing quick access to comprehensive setup guidance and
documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: getvictor <2685025+getvictor@users.noreply.github.com>
**Related issue:** Resolves#42182
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See <a
href="https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files">Changes
files</a> for more information.
will add to last PR
## Testing
- [X] Added/updated automated tests
- [X] Added `ChangeManagement.tests.tsx` with unit/integration tests
covering:
- Exceptions checkboxes render correctly from config for new install
(only Enroll secrets checked) and migrated instances (Labels and Enroll
secrets checked)
- Form save sends the correct `gitops.exceptions` payload via
`configAPI.update`
- Form validation shows error when GitOps mode is enabled but no repo
URL is provided
- Non-premium tier renders the premium feature message
- [X] QA'd all new/changed functionality manually
- [X] verified that Labels and Secrets are checked for pre-existing
(migrated) instance
- [X] verified that only Secrets is checked for new instance
- [X] verified that changing the settings in the UI and saving persists
the `gitops.exceptions` config as expected
<img
src="https://github.com/user-attachments/assets/095c538c-68aa-4179-b4b1-fd5878c0a2b0">
## Summary by CodeRabbit
* **New Features**
* Added GitOps exceptions configuration in Change Management settings
with toggles for Labels, Software, and Enroll Secrets, enabling granular
control over exception flags.
<!-- START COPILOT CODING AGENT TIPS -->
---
✨ Let Copilot coding agent [set things up for
you](https://github.com/fleetdm/fleet/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot)
— coding agent works faster and does higher quality work when set up for
your repo.
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: sgress454 <553428+sgress454@users.noreply.github.com>
## Summary
- Remove incorrect `color: $ui-fleet-black-75` override on `h2` elements
in the Windows automatic enrollment page
(`/settings/integrations/automatic-enrollment/windows`)
- Section headings ("MDM URLs", "Entra tenants") now inherit the global
heading color (`$core-fleet-black` / `#192147`) instead of the muted
body text color (`$ui-fleet-black-75` / `#515774`)
- This aligns the Windows page with the `SectionHeader` component
pattern and all other MDM settings pages in the Fleet UI
## Details
The `_styles.scss` for the Windows automatic enrollment page had an
explicit `color: $ui-fleet-black-75` on `h2` elements, which overrode
the global heading color set in `_global.scss` (`h1, h2, h3 { color:
$core-fleet-black; }`). This made the section headings appear in the
subdued gray color meant for body text rather than the darker color used
for all other headings across the settings UI.
### Changes
-
`frontend/pages/admin/IntegrationsPage/cards/MdmSettings/WindowsAutomaticEnrollmentPage/_styles.scss`:
Removed `color: $ui-fleet-black-75` from `h2` rule
Built for
[Mel](https://fleetdm.slack.com/archives/D0AKX7DJFCN/p1773759260523069)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
## Summary
- Changed all modal "Done" dismiss/close button labels to "Close" across
48 frontend component files
- Updated instructional text in `AutoEnrollMdmModal` that referenced the
"Done" button to say "Close" instead
- Updated 7 test files to assert "Close" instead of "Done" for modal
button names
## Excluded (intentionally not changed)
- `LiveResultsHeading.tsx` — "Done" button is a page-level navigation
action, not a modal dismiss
- `AddAbmModal.tsx` — Instructional text referencing Apple Business
Manager's "Done" button
- `Calendars.tsx` — Instructional text referencing Google Calendar's
"Done" button
- `ModalFooter.stories.tsx` — Storybook demo example
Built for
[Mel](https://fleetdm.slack.com/archives/D0AKX7DJFCN/p1773674157011109?thread_ts=1773673149.649299&cid=D0AKX7DJFCN)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
---------
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: melpike <mel@fleetdm.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
**Related issue:** Resolves#38546
This fixes a quick error message flash on the mdm settings page when
apple mdm is turned off. We have a finally fixed an issue of stale data
on the integration page getting passed down to the mdm card when turning
apple mdm off. We now invalidate the cache of the config when apple mdm
is turned off, that way we make a request to get the most recent config
which will have the up to date data for `mdm.enabled_and_configured`.
# Checklist for submitter
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#41532
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved error messaging when deleting a certificate authority that is
referenced by certificate templates. Users now receive a clear,
user-friendly message instead of a generic database error.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#41391
# Details
This PR updates front-end API calls to use new URLs and API params, so
that the front end doesn't cause deprecation warnings to appear on the
server.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
n/a, should not be user-visible
## Testing
- [X] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually
The biggest risk here is not that we missed a spot that still causes a
deprecation warning, but that we might inadvertently make a change that
breaks the front end, for instance by sending `fleet_id` to a function
that drops it silently and thus sends no ID to the server. Fortunately
we use TypeScript in virtually every place affected by these changes, so
the code would not compile if there were mismatches between the API
expectation and what we're sending. Still, spot checking as many places
as possible both for deprecation-warning leaks and loss of functionality
is important.
## Summary by CodeRabbit
* **Refactor**
* Updated API nomenclature across the application to use "fleets"
instead of "teams" and "reports" instead of "queries" in endpoint paths
and request/response payloads.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#38585
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Fixed Microsoft NDES CA selection to work immediately after deleting
an existing NDES CA without requiring a page refresh.
* Added validation preventing multiple NDES CAs from being added, with a
tooltip message explaining the limitation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Simplified modal structures across multiple dialog components for
improved code maintainability.
* Enhanced modal component's flexibility to support broader content
types.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
**Related issue:** Resolves#38546
This fixes an issue where the MDM section on the intergation page was
not updating properly when apple mdm was turned off
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34521
# Checklist for submitter
- [x] QA'd all new/changed functionality manually
**Related issue:** Resolves#39000
<img width="1014" height="626" alt="Screenshot 2026-02-10 at 8 44 22 PM"
src="https://github.com/user-attachments/assets/9d66906f-732e-4376-83c7-24b4deda7665"
/>
- [x] Changes file added for user-visible changes in `changes/
- [x] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually - TODO with [wip API
portion](https://github.com/fleetdm/fleet/issues/39004)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Fleet administrators can now control conditional access bypass on a
per-policy basis
* Added toggles to enable or disable bypass for individual policies
* Enhanced UI with tooltips displaying conditional access provider
configuration details
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#38881
This adds the UI to the add host modal that allows for android fully
managed devices.
<img width="800" height="405" alt="image"
src="https://github.com/user-attachments/assets/2f86d417-ee14-456b-a06f-32c292c5e7a3"
/>
It also includes a small copy change for delete host modal
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
