diff --git a/docs/account/index.md b/docs/account/index.md deleted file mode 100644 index a817535..0000000 --- a/docs/account/index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -sidebar_position: 10 ---- - -# User Accounts - diff --git a/docs/sso/index.md b/docs/sso/index.md new file mode 100644 index 0000000..4193078 --- /dev/null +++ b/docs/sso/index.md 
@@ -0,0 +1,123 @@ +--- +sidebar_position: 10 +--- + +# Single Sign-On + +When you use SR2 Cloud services via a web browser, you will log in to the services via our Single Sign-On solution. +You can use a local account (email, password, and TOTP, +or connect your social or corporate identity if you or your organisation uses: + +* Apple *(coming soon)* +* [Google Workspace](#google-workspace) +* [Microsoft 365 Copilot](#microsoft-365-copilot) + +![Screenshot of sign in screen](/docs/sso/signin/cloud_login_start.png) + +:::warning + +When using external identity providers, it is possible for the external provider to impersonate your user to our single +sign-on service in a way that is not detectable to us. +Only use external identity providers that you fully trust. + +::: + +As an additional layer of validation, it will be necessary to verify your email address whichever login method is used. + +## Local Accounts + +### Initial Registration + +1. To register a new local account, click on the "Register" link at the bottom of the login page: + + ![Screenshot of register link at bottom of login screen](/docs/sso/signin/cloud_login_register_link.png) + +2. This will take you to the registration page: + + ![Screenshot of registration form](/docs/sso/signin/cloud_login_register_form.png) + +3. Complete the details in the form: + + * **Username** - Enter a unique name to identify your account. This will be used each time you log in. + * **Password** - Enter a password you have not used before. + This will be used each time you log in. + Ideally this would be memorised, otherwise please use a + [password manager](https://securityinabox.org/en/passwords/password-managers/). + * **Confirm Password** - Re-enter the same password to validate it has been entered correctly. + * **Email** - Enter your email address. You will need to verify this email address before you will be able to access + any service. + * **First Name** - Enter your first name. 
This will be displayed within the services. + * **Last Name** - Enter your last name. This will be displayed within the services. + + :::note + + When entering your name in the system, please provide information in both the first name and last name fields such + that colleagues within your organisation can easily recognize you. + While first and last names are commonly used in English-speaking regions, we acknowledge that names may not always + fit this structure. + As long as each field contains at least one letter and consists only of Latin letters, spaces, and dashes, you may + format the entries in a way that best ensures clarity and recognition within your team. + + ::: + +5. Click "Register" to submit the form. + +6. You will now need to verify your email address. + Do this by clicking the link in the email you receive on the address you used to sign up. + Ensure you do so promptly, as the link is only valid for 5 minutes. + + ![Screenshot of prompt to validate your email address](/docs/sso/signin/cloud_login_verify_email.png) + +7. Once verified, upon your first log in, you will be asked to register a second factor for authenticating. + This step is mandatory. + We recommend you install the open source [FreeOTP](https://freeotp.github.io/) app on your mobile phone for this, + although all the suggested apps will work. + Then, open this app and follow the instructions to scan the QR code. + Once registered, you will need access to this app every single time you log in. + + ![Screenshot of TOTP registration screen](/docs/sso/signin/cloud_login_authenticator_setup.png) + +### Signing In + +1. At the login form, enter the username and password created at registration. + +2. You will then be prompted for the second factor from your authenticator app: + +![Screenshot of TOTP entry](/docs/sso/signin/cloud_login_totp_entry.png) + +## Google Workspace + +1. To begin, select "Google Account" from the list of options from the login form. + +2. 
Complete login for your chosen account. + +3. Once you have completed the sign in for your selected Google account, you will need to consent to share some + limited information with SR2 Cloud: + + ![Screenshot of Google account consent screen](/docs/sso/signin/cloud_login_google_consent.png) + +4. Once accepted, you will need to verify your email address. + Do this by clicking the link in the email you receive on the address you used to sign up. + Ensure you do so promptly, as the link is only valid for 5 minutes. + + ![Screenshot of prompt to validate your email address](/docs/sso/signin/cloud_login_verify_email.png) + +## Microsoft 365 Copilot + +1. To begin, select "Microsoft Account" from the list of options from the login form. + +2. If you are already signed in to your Microsoft account, you'll see the account chooser screen. + Pick the account you want to log in as, or Use another account if this is not already listed. + + ![Screenshot of Microsoft account chooser screen](/docs/sso/signin/cloud_login_microsoft_chooser.png) + +3. Once you have completed the sign in for your selected Microsoft account, you will need to consent to share some + limited information with SR2 Cloud: + + ![Screenshot of Microsoft account consent screen](/docs/sso/signin/cloud_login_microsoft_consent.png) + +4. Once accepted, you will need to verify your email address. + Do this by clicking the link in the email you receive on the address you used to sign up. + Ensure you do so promptly, as the link is only valid for 5 minutes. + + ![Screenshot of prompt to validate your email address](/docs/sso/signin/cloud_login_verify_email.png) diff --git a/static/docs/sso/signin/cloud_login_authenticator_setup.png b/static/docs/sso/signin/cloud_login_authenticator_setup.png new file mode 100644 index 0000000..09622c2 Binary files /dev/null and b/static/docs/sso/signin/cloud_login_authenticator_setup.png differ 
diff --git a/static/docs/sso/signin/cloud_login_google_consent.png b/static/docs/sso/signin/cloud_login_google_consent.png new file mode 100644 index 0000000..843d393 Binary files /dev/null and b/static/docs/sso/signin/cloud_login_google_consent.png differ diff --git a/static/docs/sso/signin/cloud_login_microsoft_chooser.png b/static/docs/sso/signin/cloud_login_microsoft_chooser.png new file mode 100644 index 0000000..4567bc4 Binary files /dev/null and b/static/docs/sso/signin/cloud_login_microsoft_chooser.png differ diff --git a/static/docs/sso/signin/cloud_login_microsoft_consent.png b/static/docs/sso/signin/cloud_login_microsoft_consent.png new file mode 100644 index 0000000..21b6381 Binary files /dev/null and b/static/docs/sso/signin/cloud_login_microsoft_consent.png differ diff --git a/static/docs/sso/signin/cloud_login_register_form.png b/static/docs/sso/signin/cloud_login_register_form.png new file mode 100644 index 0000000..8d37fab Binary files /dev/null and b/static/docs/sso/signin/cloud_login_register_form.png differ diff --git a/static/docs/sso/signin/cloud_login_register_link.png b/static/docs/sso/signin/cloud_login_register_link.png new file mode 100644 index 0000000..bf0de28 Binary files /dev/null and b/static/docs/sso/signin/cloud_login_register_link.png differ diff --git a/static/docs/sso/signin/cloud_login_start.png b/static/docs/sso/signin/cloud_login_start.png new file mode 100644 index 0000000..ceb04eb Binary files /dev/null and b/static/docs/sso/signin/cloud_login_start.png differ diff --git a/static/docs/sso/signin/cloud_login_totp_entry.png b/static/docs/sso/signin/cloud_login_totp_entry.png new file mode 100644 index 0000000..cf303d7 Binary files /dev/null and b/static/docs/sso/signin/cloud_login_totp_entry.png differ 
diff --git a/static/docs/sso/signin/cloud_login_verify_email.png b/static/docs/sso/signin/cloud_login_verify_email.png new file mode 100644 index 0000000..304cca6 Binary files /dev/null and b/static/docs/sso/signin/cloud_login_verify_email.png differ
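Review bot: The deletion of docs/account/index.md removes the "User Accounts" page, and nothing visible in this patch redirects or updates links that pointed at it. The new docs/sso/index.md reuses `sidebar_position: 10`, so this reads as a rename; check for inbound links to the old account page and either add a redirect or update them in the same change.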
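Review bot: In docs/sso/index.md, the intro sentence "You can use a local account (email, password, and TOTP," never closes its parenthesis, and it names email as the login identifier while the registration form and the "Signing In" steps use a username; suggest "(username, password, and TOTP)". In "Initial Registration" the numbered steps jump from 3 to 5. The "Microsoft 365 Copilot" heading and list entry name a product rather than the login option, while step 1 of that section tells the reader to select "Microsoft Account"; use a heading that matches what the user sees on the form. In the Google and Microsoft sections, step 4 repeats "the address you used to sign up" from the local-account flow; state which address receives the verification mail when the sign-in comes from an external provider, since the warning above relies on that email check as the additional layer of validation. The TOTP entry screenshot under "Signing In" step 2 is not indented like the other images, so it falls outside the list item.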