Skip to content

docs: add organizations, provisioners, and premium license docs #14778

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 33 commits into from
Oct 1, 2024
Merged

docs: add organizations, provisioners, and premium license docs #14778

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
69d4f75
Add documentation for managing organizations
bpmct Sep 24, 2024
4c8a165
Update icon path in organizations guide
bpmct Sep 24, 2024
1595a72
Update RBAC documentation state in manifest
bpmct Sep 24, 2024
6cf30a7
Add beta notice to organizations documentation
bpmct Sep 24, 2024
5bc2c2e
Remove references to enterprise page
bpmct Sep 25, 2024
abc156e
Update provisioners documentation for clarity
bpmct Sep 25, 2024
0d76ed0
Update documentation to "premium" edition
bpmct Sep 25, 2024
13f0a0e
Add documentation for licensing and group sync
bpmct Sep 26, 2024
fe895cd
chore(docs): outline new feature stages (#14786)
EdwardAngert Sep 26, 2024
d8de325
progress
bpmct Sep 29, 2024
f48f21c
Merge branch 'main' into orgs-licenses
bpmct Sep 29, 2024
67199d2
Add instructions for fetching role mappings
bpmct Sep 29, 2024
941d9c2
Update role sync documentation for clarity
bpmct Sep 29, 2024
ff7a8e2
Update organization sync troubleshooting links
bpmct Sep 29, 2024
05369f6
Add org sync setup instructions to documentation
bpmct Sep 29, 2024
f08be61
Fix sync link text order in organizations guide
bpmct Sep 29, 2024
67ce5d4
Add section on custom roles to users guide
bpmct Sep 29, 2024
841fa65
Update links to include premium in sync docs
bpmct Sep 29, 2024
4473b2a
Update provisioners documentation for clarity
bpmct Sep 29, 2024
2f0e14e
Update create organization page description
bpmct Sep 29, 2024
10354d4
Remove subproject directories and update JSON format
bpmct Sep 29, 2024
30e291f
fix(docs): correct license link path in org guide
bpmct Sep 29, 2024
15efb35
Update organization documentation link paths
bpmct Sep 30, 2024
6c2d6b2
Update paywall links to licensing doc
bpmct Sep 30, 2024
e100b55
Update documentation for Premium license references
bpmct Sep 30, 2024
821d9f2
Update licensing documentation for Premium plan
bpmct Oct 1, 2024
5b41d99
fix(docs): improve clarity in licensing intro
bpmct Oct 1, 2024
ee69767
Suppress link checker for licensing doc update
bpmct Oct 1, 2024
6610084
Update manifest to improve readability and rename icon
bpmct Oct 1, 2024
c26db48
Refactor manifest state to use consistent arrays
bpmct Oct 1, 2024
f9c4202
fmt
bpmct Oct 1, 2024
e3b34ff
Refactor route state field to support multiple states
bpmct Oct 1, 2024
eb71bfa
fix: paywall doc link
jaaydenh Oct 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add documentation for licensing and group sync 
- Improve directions and clarity for enabling group sync
- Introduce new licensing guide for setting up premium features

Changes:
- Detailed steps and examples added for configuring OIDC claims
- New `licensing.md` guide presents ways to add a license via UI and CLI
- Introduced new enterprise SVG icon for better visual representation

These updates aim to enhance the user experience and provide clear, actionable instructions.
  • Loading branch information
@bpmct
bpmct committed Sep 26, 2024
commit 13f0a0ed94f1bf229f9bd9d0fb811068d480340e
68 changes: 44 additions & 24 deletions docs/admin/auth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
# Authentication

![OIDC with Coder Sequence Diagram](../images/oidc-sequence-diagram.svg).

By default, Coder is accessible via password authentication. Coder does not
recommend using password authentication in production, and recommends using an
authentication provider with properly configured multi-factor authentication
Expand Down Expand Up @@ -252,33 +250,47 @@ CODER_TLS_CLIENT_KEY_FILE=/path/to/key.pem
## Group Sync (enterprise) (premium)

If your OpenID Connect provider supports group claims, you can configure Coder
to synchronize groups in your auth provider to groups within Coder.
to synchronize groups in your auth provider to groups within Coder. To enable
group sync, ensure that the `groups` claim is being sent by your OpenID
provider. This may involve requesting an additional
[scope](../reference/cli/server.md#--oidc-scopes) or additional configuration on
the OpenID provider side.

To enable group sync, ensure that the `groups` claim is set by adding the
correct scope to request. If group sync is enabled, the user's groups will be
controlled by the OIDC provider. This means manual group additions/removals will
be overwritten on the next login.
If group sync is enabled, the user's groups will be controlled by the OIDC
provider. This means manual group additions/removals will be overwritten on the
next user login.

```env
# as an environment variable
CODER_OIDC_SCOPES=openid,profile,email,groups
```
There are two ways you can configure group sync:

```shell
# as a flag
--oidc-scopes openid,profile,email,groups
<div class="tabs">

## Server Flags

First, confirm that your OIDC provider is sending the `groups` claim by logging
in with OIDC and visiting the following URL:

```text
https://[coder.example.com]/api/v2/debug/[your-username]/debug-link
```

With the `groups` scope requested, we also need to map the `groups` claim name.
Coder recommends using `groups` for the claim name. This step is necessary if
your **scope's name** is something other than `groups`.
You should see a field, followed by a list of the user's OIDC groups in the
response. This is the
[claim](https://openid.net/specs/openid-connect-core-1_0.html#Claims) sent by
the OIDC provider. See [Troubleshooting](#troubleshooting-grouprole-sync) to
debug this.

```env
> Depending on the OIDC provider, this claim may be named differently. Common
> ones include `groups`, `memberOf`, and `roles`.

Next configure the Coder server to read groups from the claim name with the
[OIDC group field](../reference/cli/server.md#--oidc-group-field) server flag:

```sh
# as an environment variable
CODER_OIDC_GROUP_FIELD=groups
```

```shell
```sh
# as a flag
--oidc-group-field groups
```
Expand All @@ -288,14 +300,16 @@ names in Coder and removed from groups that the user no longer belongs to.

For cases when an OIDC provider only returns group IDs ([Azure AD][azure-gids])
or you want to have different group names in Coder than in your OIDC provider,
you can configure mapping between the two.
you can configure mapping between the two with the
[OIDC group mapping](../reference/cli/server.md#--oidc-group-mapping) server
flag.

```env
```sh
# as an environment variable
CODER_OIDC_GROUP_MAPPING='{"myOIDCGroupID": "myCoderGroupName"}'
```

```shell
```sh
# as a flag
--oidc-group-mapping '{"myOIDCGroupID": "myCoderGroupName"}'
```
Expand All @@ -313,11 +327,17 @@ coder:
From the example above, users that belong to the `myOIDCGroupID` group in your
OIDC provider will be added to the `myCoderGroupName` group in Coder.

> **Note:** Groups are only updated on login.

[azure-gids]:
https://github.com/MicrosoftDocs/azure-docs/issues/59766#issuecomment-664387195

## Runtime (Organizations)

For deployments with multiple [organizations](./organizations.md), you can must
configure group sync at the organization level. In future Coder versions, you
will be able to configure this in the UI. For now, you can use CLI commands.

</div>

### Group allowlist

You can limit which groups from your identity provider can log in to Coder with
Expand Down
Binary file modified docs/images/add-license-ui.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
3 changes: 3 additions & 0 deletions docs/images/icons/enterprise.svg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
42 changes: 42 additions & 0 deletions docs/licensing.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# Licensing

Coder is free to use and includes some features that are only accessible with a
paid license. See our [pricing page](https://coder.com/pricing) for a
distinction.

To try Premium features, you can [request a trial](https://coder.com/trial) or
[contact sales](https://coder.com/contact).

## Adding your license key

There are two ways to add an enterprise license to a Coder deployment:

<div class="tabs">

### Coder UI

First, ensure you have a license key
([request a trial](https://coder.com/trial)).

With an `Owner` account, navigate to `Deployment -> Licenses`, `Add a license`
then drag or select the license file with the `jwt` extension.

![Add License UI](./images/add-license-ui.png)

### Coder CLI

First, ensure you have a license key
([request a trial](https://coder.com/trial)) and the
[Coder CLI](./install/index.md) installed.

1. Save your license key to disk and make note of the path
2. Open a terminal
3. Ensure you are logged into your Coder deployment

`coder login <access url>`

4. Run

`coder licenses add -f <path to your license key>`

</div>
6 changes: 6 additions & 0 deletions docs/manifest.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -562,6 +562,12 @@
}
]
},
{
"title": "Licensing",
"description": "Learn how to enable Premium features",
"path": "./licensing.md",
"icon_path": "./images/icons/enterprise.svg"
},
{
"title": "Contributing",
"description": "Learn how to contribute to Coder",
Expand Down
Loading