feat: adds sso docs

docs/sso/index.md

@@ -0,0 +1,123 @@
+---
+sidebar_position: 10
+---
+
+# Single Sign-On
+
+When you use SR2 Cloud services via a web browser, you will log in to the services via our Single Sign-On solution.
+You can use a local account (email, password, and <abbr title="Time based One-Time Password">TOTP</abbr>,
+or connect your social or corporate identity if you or your organisation uses:
+
+* Apple *(coming soon)*
+* [Google Workspace](#google-workspace)
+* [Microsoft 365 Copilot](#microsoft-365-copilot)
+
+![Screenshot of sign in screen](/docs/sso/signin/cloud_login_start.png)
+
+:::warning
+
+When using external identity providers, it is possible for the external provider to impersonate your user to our single
+sign-on service in a way that is not detectable to us.
+Only use external identity providers that you fully trust.
+
+:::
+
+As an additional layer of validation, it will be necessary to verify your email address whichever login method is used.
+
+## Local Accounts
+
+### Initial Registration
+
+1. To register a new local account, click on the "Register" link at the bottom of the login page:
+
+   ![Screenshot of register link at bottom of login screen](/docs/sso/signin/cloud_login_register_link.png)
+
+2. This will take you to the registration page:
+
+   ![Screenshot of registration form](/docs/sso/signin/cloud_login_register_form.png)
+
+3. Complete the details in the form:
+
+   * **Username** - Enter a unique name to identify your account. This will be used each time you log in.
+   * **Password** - Enter a password you have not used before.
+     This will be used each time you log in.
+     Ideally this would be memorised, otherwise please use a
+     [password manager](https://securityinabox.org/en/passwords/password-managers/).
+   * **Confirm Password** - Re-enter the same password to validate it has been entered correctly.
+   * **Email** - Enter your email address. You will need to verify this email address before you will be able to access
+     any service.
+   * **First Name** - Enter your first name. This will be displayed within the services.
+   * **Last Name** - Enter your last name. This will be displayed within the services.
+
+   :::note
+
+   When entering your name in the system, please provide information in both the first name and last name fields such
+   that colleagues within your organisation can easily recognize you.
+   While first and last names are commonly used in English-speaking regions, we acknowledge that names may not always 
+   fit this structure.
+   As long as each field contains at least one letter and consists only of Latin letters, spaces, and dashes, you may
+   format the entries in a way that best ensures clarity and recognition within your team.
+   
+   :::
+
+5. Click "Register" to submit the form.
+
+6. You will now need to verify your email address.
+   Do this by clicking the link in the email you receive on the address you used to sign up.
+   Ensure you do so promptly, as the link is only valid for 5 minutes.
+
+   ![Screenshot of prompt to validate your email address](/docs/sso/signin/cloud_login_verify_email.png)
+
+7. Once verified, upon your first log in, you will be asked to register a second factor for authenticating.
+   This step is mandatory.
+   We recommend you install the open source [FreeOTP](https://freeotp.github.io/) app on your mobile phone for this,
+   although all the suggested apps will work.
+   Then, open this app and follow the instructions to scan the QR code.
+   Once registered, you will need access to this app every single time you log in.
+
+    ![Screenshot of TOTP registration screen](/docs/sso/signin/cloud_login_authenticator_setup.png)
+
+### Signing In
+
+1. At the login form, enter the username and password created at registration.
+
+2. You will then be prompted for the second factor from your authenticator app:
+
+![Screenshot of TOTP entry](/docs/sso/signin/cloud_login_totp_entry.png)
+
+## Google Workspace
+
+1. To begin, select "Google Account" from the list of options from the login form.
+
+2. Complete login for your chosen account.
+
+3. Once you have completed the sign in for your selected Google account, you will need to consent to share some
+   limited information with SR2 Cloud:
+
+    ![Screenshot of Google account consent screen](/docs/sso/signin/cloud_login_google_consent.png)
+
+4. Once accepted, you will need to verify your email address.
+   Do this by clicking the link in the email you receive on the address you used to sign up.
+   Ensure you do so promptly, as the link is only valid for 5 minutes.
+
+   ![Screenshot of prompt to validate your email address](/docs/sso/signin/cloud_login_verify_email.png)
+
+## Microsoft 365 Copilot
+
+1. To begin, select "Microsoft Account" from the list of options from the login form.
+
+2. If you are already signed in to your Microsoft account, you'll see the account chooser screen.
+   Pick the account you want to log in as, or Use another account if this is not already listed.
+
+   ![Screenshot of Microsoft account chooser screen](/docs/sso/signin/cloud_login_microsoft_chooser.png)
+
+3. Once you have completed the sign in for your selected Microsoft account, you will need to consent to share some
+   limited information with SR2 Cloud:
+
+   ![Screenshot of Microsoft account consent screen](/docs/sso/signin/cloud_login_microsoft_consent.png)
+
+4. Once accepted, you will need to verify your email address.
+   Do this by clicking the link in the email you receive on the address you used to sign up.
+   Ensure you do so promptly, as the link is only valid for 5 minutes.
+
+   ![Screenshot of prompt to validate your email address](/docs/sso/signin/cloud_login_verify_email.png)