mirror of
https://github.com/logto-io/logto.git
synced 2025-01-06 20:40:08 -05:00
feat(console): update content (#5035)
* feat(console): update content update content * fix(console): fix the layout fix the layout
This commit is contained in:
parent
cf20c940cc
commit
527cd22608
5 changed files with 34 additions and 18 deletions
|
@ -66,7 +66,7 @@ Logto will fetch the metadata from the URL and configure the SAML SSO integratio
|
||||||
|
|
||||||
Logto provides a flexible way to map the user attributes returned from IdP to the user attributes in Logto. Logto will sync the following user attributes from IdP by default:
|
Logto provides a flexible way to map the user attributes returned from IdP to the user attributes in Logto. Logto will sync the following user attributes from IdP by default:
|
||||||
|
|
||||||
- id: The unique identifier of the user. Logto will read the `nameId` claim from the SAML response as the user SSO identity id.
|
- id: The unique identifier of the user. Logto will read the `nameID` claim from the SAML response as the user SSO identity id.
|
||||||
- email: The email address of the user. Logto will read the `email` claim from the SAML response as the user primary email by default.
|
- email: The email address of the user. Logto will read the `email` claim from the SAML response as the user primary email by default.
|
||||||
- name: The name of the user.
|
- name: The name of the user.
|
||||||
|
|
||||||
|
@ -78,7 +78,7 @@ You may manage the user attributes mapping logic either on the Azure AD side or
|
||||||
|
|
||||||
Copy the following attribute names (with namespace prefix) and paste them into the corresponding fields in Logto.
|
Copy the following attribute names (with namespace prefix) and paste them into the corresponding fields in Logto.
|
||||||
|
|
||||||
- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email`
|
- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
|
||||||
|
|
||||||
- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` (Recommendation: update this attribute value map to `user.displayname` for better user experience)
|
- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` (Recommendation: update this attribute value map to `user.displayname` for better user experience)
|
||||||
|
|
||||||
|
@ -118,7 +118,7 @@ Visit the `Users and groups` section of your Azure AD SSO application. Click on
|
||||||
|
|
||||||
<Step index={4} title="Set email domains and enable the SSO connector">
|
<Step index={4} title="Set email domains and enable the SSO connector">
|
||||||
|
|
||||||
Provide the email domains of your organization at the Logto's SAML SSO connector experience tab. This will enable the SSO connector as an authentication method for those users.
|
Provide the email `domains` of your organization at the Logto's SAML SSO connector `experience` tab. This will enable the SSO connector as an authentication method for those users.
|
||||||
|
|
||||||
Users with email addresses in the specified domains will be restricted to use SAML SSO connector as their only authentication method.
|
Users with email addresses in the specified domains will be restricted to use SAML SSO connector as their only authentication method.
|
||||||
|
|
||||||
|
|
|
@ -17,11 +17,7 @@ Before you can use Google Workspace as an authentication provider, you must set
|
||||||
|
|
||||||
<Step index={1} title="Config the consent screen for your application" >
|
<Step index={1} title="Config the consent screen for your application" >
|
||||||
|
|
||||||
In order to create a new OIDC credential, you need to configure the consent screen for your application. Otherwise, you will receive an error prompt when creating the credential like the following:
|
In order to create a new OIDC credential, you need to configure the consent screen for your application.
|
||||||
|
|
||||||
<center>
|
|
||||||
<img src={credentials} alt="create credentials" />
|
|
||||||
</center>
|
|
||||||
|
|
||||||
1. Navigate to the [OAuth consent screen](https://console.cloud.google.com/apis/credentials/consent) page and select the `Internal` user type. This will make the OAuth application only available to users within your organization.
|
1. Navigate to the [OAuth consent screen](https://console.cloud.google.com/apis/credentials/consent) page and select the `Internal` user type. This will make the OAuth application only available to users within your organization.
|
||||||
|
|
||||||
|
@ -80,7 +76,7 @@ Continue set up the OAuth credential by filling up the following information:
|
||||||
|
|
||||||
</Step>
|
</Step>
|
||||||
|
|
||||||
<Step index={3} title="Copy the client ID and client secret">
|
<Step index={3} title="Set up Logto connector with the client credentials">
|
||||||
|
|
||||||
After successfully creating the OAuth credential, you will receive a prompt modal with the client ID and client secret.
|
After successfully creating the OAuth credential, you will receive a prompt modal with the client ID and client secret.
|
||||||
|
|
||||||
|
@ -88,15 +84,23 @@ After successfully creating the OAuth credential, you will receive a prompt moda
|
||||||
<img src={clientCredentials} alt="client credentials" />
|
<img src={clientCredentials} alt="client credentials" />
|
||||||
</center>
|
</center>
|
||||||
|
|
||||||
Copy the client ID and client secret and fill in the corresponding fields on the Logto SSO connector connection page.
|
Copy the `client ID` and `client secret` and fill in the corresponding fields on the Logto SSO connector `connection` tab.
|
||||||
|
|
||||||
Now you have successfully configured a Google Workspace SSO connector on Logto.
|
Now you have successfully configured a Google Workspace SSO connector on Logto.
|
||||||
|
|
||||||
</Step>
|
</Step>
|
||||||
|
|
||||||
<Step index={4} title="Set email domains and enable the SSO connector">
|
<Step index={4} title="Additional Scopes (Optional)">
|
||||||
|
|
||||||
Provide the email domains of your organization on the connector experience tab. This will enabled the SSO connector as an authentication method for those users.
|
Use the `Scope` field to add additional scopes to your OAuth request. This will allow you to request for more information from the Google OAuth server. Please refer to the [Google OAuth Scopes](https://developers.google.com/identity/protocols/oauth2/scopes) documentation for more information.
|
||||||
|
|
||||||
|
\*Regardless of the custom scope settings, Logto will always send the `openid`, `profile` and `email` scopes to the IdP. This is to ensure that Logto can retrieve the user's identity information and email address properly.
|
||||||
|
|
||||||
|
</Step>
|
||||||
|
|
||||||
|
<Step index={5} title="Set email domains and enable the SSO connector">
|
||||||
|
|
||||||
|
Provide the email `domains` of your organization on the connector `experience` tab. This will enabled the SSO connector as an authentication method for those users.
|
||||||
|
|
||||||
Users with email addresses in the specified domains will be restricted to use your SSO connector as their only authentication method.
|
Users with email addresses in the specified domains will be restricted to use your SSO connector as their only authentication method.
|
||||||
|
|
||||||
|
|
|
@ -35,7 +35,7 @@ After successfully creating an OIDC application on the IdP side, you will need t
|
||||||
</Step>
|
</Step>
|
||||||
<Step index={2} title="Set email domains and enable the SSO connector">
|
<Step index={2} title="Set email domains and enable the SSO connector">
|
||||||
|
|
||||||
Provide the email domains of your organization on the connector experience tab. This will enabled the SSO connector as an authentication method for those users.
|
Provide the email `domains` of your organization on the connector `experience` tab. This will enabled the SSO connector as an authentication method for those users.
|
||||||
|
|
||||||
Users with email addresses in the specified domains will be restricted to use your SSO connector as their only authentication method.
|
Users with email addresses in the specified domains will be restricted to use your SSO connector as their only authentication method.
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,7 @@ Click the `Save` button to save the application settings.
|
||||||
|
|
||||||
</Step>
|
</Step>
|
||||||
|
|
||||||
<Step index={2} title="Copy the client ID and client secret">
|
<Step index={2} title="Set up Logto connector with the client credentials">
|
||||||
|
|
||||||
After successfully creating the OIDC application, you will be redirected to the application details page.
|
After successfully creating the OIDC application, you will be redirected to the application details page.
|
||||||
|
|
||||||
|
@ -56,13 +56,25 @@ After successfully creating the OIDC application, you will be redirected to the
|
||||||
<img src={clientCredentials} alt="client credentials" />
|
<img src={clientCredentials} alt="client credentials" />
|
||||||
</center>
|
</center>
|
||||||
|
|
||||||
Copy the client ID and client secret and fill in the corresponding fields on the Logto SSO connector connection page to complete the configuration.
|
Copy the `client ID` and `client secret` and fill in the corresponding fields on the Logto SSO connector `connection` tab.
|
||||||
|
|
||||||
|
Use your Okta domain as the `issuer`. Example: `https://dev-12345678.okta.com`. Once you have filled in all the fields, click the `Save` button to save the connector settings.
|
||||||
|
|
||||||
|
If the `issuer` link you provided is valid, you will see a parsed full list of Okta IdP configurations shown below the `issuer` field.
|
||||||
|
|
||||||
</Step>
|
</Step>
|
||||||
|
|
||||||
<Step index={4} title="Set email domains and enable the SSO connector">
|
<Step index={4} title="Additional Scopes (Optional)">
|
||||||
|
|
||||||
Provide the email domains of your organization on the connector experience tab. This will enabled the SSO connector as an authentication method for those users.
|
Use the `Scope` field to add additional scopes to your OAuth request. This will allow you to request for more information from the Okta OAuth server. Please refer to the [Okta documentation](https://developer.okta.com/docs/reference/api/oidc/#scopes) for more details about the available scopes.
|
||||||
|
|
||||||
|
\*Regardless of the custom scope settings, Logto will always send the `openid`, `profile` and `email` scopes to the IdP. This is to ensure that Logto can retrieve the user's identity information and email address properly.
|
||||||
|
|
||||||
|
</Step>
|
||||||
|
|
||||||
|
<Step index={5} title="Set email domains and enable the SSO connector">
|
||||||
|
|
||||||
|
Provide the email `domains` of your organization on the connector `experience` tab. This will enabled the SSO connector as an authentication method for those users.
|
||||||
|
|
||||||
Users with email addresses in the specified domains will be restricted to use your SSO connector as their only authentication method.
|
Users with email addresses in the specified domains will be restricted to use your SSO connector as their only authentication method.
|
||||||
|
|
||||||
|
|
|
@ -49,7 +49,7 @@ The user attributes returned from IdP may vary depending on the IdP configuratio
|
||||||
|
|
||||||
<Step index={3} title="Set email domains and enable the SSO connector">
|
<Step index={3} title="Set email domains and enable the SSO connector">
|
||||||
|
|
||||||
Provide the email domains of your organization in the SAML SSO integration experience tab. This will enable the SSO connector as an authentication method for those users.
|
Provide the email `domains` of your organization in the SAML SSO integration `experience` tab. This will enable the SSO connector as an authentication method for those users.
|
||||||
|
|
||||||
Users with email addresses in the specified domains will be restricted to use SAML SSO connector as their only authentication method.
|
Users with email addresses in the specified domains will be restricted to use SAML SSO connector as their only authentication method.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue