diff --git a/docs/.gitbook/assets/login-with-sso.png b/docs/.gitbook/assets/login-with-sso.png new file mode 100644 index 000000000000..88525c4909f9 Binary files /dev/null and b/docs/.gitbook/assets/login-with-sso.png differ diff --git a/docs/.gitbook/assets/organization-settings-general-slugs.png b/docs/.gitbook/assets/organization-settings-general-slugs.png new file mode 100644 index 000000000000..12fb2c613b73 Binary files /dev/null and b/docs/.gitbook/assets/organization-settings-general-slugs.png differ diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md index 6f0f8a17bf16..f0a224904cb9 100644 --- a/docs/SUMMARY.md +++ b/docs/SUMMARY.md @@ -78,7 +78,7 @@ * [Ping Identity setup](enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/ping-identity-setup.md) * [Google Workspace setup](enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/google-workspace-setup.md) * [OneLogin SAML Application setup](enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/onelogin-saml-application-setup.md) - * [Custom mapping](enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md) + * [Custom mapping](enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md) * [Legacy custom mapping](enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md) * [Examples: Setting up custom mapping for IdPs](enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/README.md) * [Example: Setting up custom mapping for Okta](enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md) 
diff --git a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/README.md b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/README.md index 2b3502bad995..3133a1a70d38 100644 --- a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/README.md +++ b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/README.md @@ -9,7 +9,7 @@ SSO is available only for Enterprise plans. For more information, see [plans and You can take advantage of your company's existing identity management system and have employees sign in to Snyk using their corporate identity. This makes provisioning Snyk to users easier. It also allows for deeper integration for Group and Organization membership, role-based access, and more. -
""

Log in to Snyk with SSO

+
""

Log in to Snyk with SSO

Snyk can integrate with any SAML-based and OpenID Connect (OIDC)-based SSO, as well as ADFS. You can also use your Enterprise Identity Provider for SSO, including [Entra ID](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis) (formerly Azure AD) and [Google G Suite](https://community.snowflake.com/s/article/configuring-g-suite-as-an-identity-provider). Read more about SAML in [the Auth0 documentation](https://auth0.com/docs/protocols/saml). diff --git a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md index b3ae038a094b..fc3d5bbf09dc 100644 --- a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md +++ b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md @@ -34,6 +34,6 @@ If users who have not been invited use SSO to log in, they will gain access to S Custom Mapping is available only for Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -You can provision user accounts with customized rules using the [Custom Mapping Option](../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/). +You can provision user accounts with customized rules using the [Custom Mapping Option](custom-mapping/). You can configure SSO differently for each of your different Groups. You can also map users to a specific Organization and role assignment based on information from the identity provider. diff --git a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md index f6c7ec2330d0..40fc84c44e09 100644 
--- a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md +++ b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md @@ -5,7 +5,7 @@ Group Admins on a Snyk Enterprise plan who use SAML for SSO can configure Snyk S {% hint style="info" %} To enable the self-serve SSO option, contact your Snyk account team or [Snyk support](https://support.snyk.io).\ \ -This option does not accommodate [custom role mapping](../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/). To set up custom role mapping with SSO for your Snyk Group, contact your Snyk account team. +This option does not accommodate [custom role mapping](../custom-mapping/). To set up custom role mapping with SSO for your Snyk Group, contact your Snyk account team. {% endhint %} The following video demonstrates the process and steps for setting up single sign-on when using SAML. diff --git a/docs/enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md similarity index 93% rename from docs/enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md rename to docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md index 105e49262280..3f3d0a013899 100644 --- a/docs/enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md +++ b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md 
@@ -10,18 +10,18 @@ To understand more about roles and permissions within Snyk, see [Pre-defined rol ## Requirements for custom mapping -* Complete the SSO information worksheet for the appropriate IdP (identity provider) found in [Resources for SSO setup](../../../enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/set-up-snyk-single-sign-on-sso.md#resources-for-sso-setup). +* Complete the SSO information worksheet for the appropriate IdP (identity provider) found in [Resources for SSO setup](../set-up-snyk-single-sign-on-sso.md#resources-for-sso-setup). * Properly configure the custom attributes in your IdP to populate the `roles` array mapping. See [Example: roles array mapping](./#example-roles-array-mapping). ## Custom Mapping options Snyk offers an updated custom mapping option explained on this page, with increased flexibility, including the ability to grant users Group-level custom roles as well as pre-defined roles. -The Snyk [Legacy custom mapping](legacy-custom-mapping.md) option is still supported. +The Snyk [Legacy custom mapping](../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md) option is still supported. ## Roles array mapping with Snyk -In the IdP, you must first pass a custom mapping called `roles` as a string array. [Examples](../../../enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/) of how to set this up for different IdPs are provided. +In the IdP, you must first pass a custom mapping called `roles` as a string array. [Examples](examples-setting-up-custom-mapping-for-idps/) of how to set this up for different IdPs are provided. Refer to your identity provider documentation for further information on how to configure custom mappings. 
@@ -134,7 +134,7 @@ For a valid role assertion, the Organization or Group slug may be required, wher To find an Organization slug, navigate to the **Settings** page for the Organization, and under **General** settings, the Organization slug value is visible. This can then be copied and used in role assertions in custom mapping. -
Organization general settings page, showing the Organization slug

Organization general settings page, showing the Organization slug

+
Organization general settings page, showing the Organization slug

Organization general settings page, showing the Organization slug

To find the slug of a Group, navigate to the Group Settings, and find the Group slug under General Settings, which you can copy. diff --git a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md index 9619e36b96a0..5ace9e09c0b4 100644 --- a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md +++ b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md @@ -19,7 +19,7 @@ If you wish to set up custom mapping, move on to the next section of this guide. ## Add custom mapping -[Custom mapping](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/) for an OIDC application in Okta is easily managed through custom attributes on group level. +[Custom mapping](../) for an OIDC application in Okta is easily managed through custom attributes on group level. ### Create a custom app user attribute to contain both the Snyk Organization name and role @@ -41,7 +41,7 @@ If you wish to set up custom mapping, move on to the next section of this guide. 2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk OIDC app,. Then click on the **pencil** next to the displayed Snyk OIDC app.
Group selected for modicification

Group selected for modicification

-3. In the **Edit App Assignment** dialog, add the Snyk org name + role associated with your Okta group (no spaces or capital letter(s)), following the syntax explained in [custom mapping](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/) (or [legacy custom mapping](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md) if using the legacy mapping option). Example, `snyk:org:*:org_admin`.\ +3. In the **Edit App Assignment** dialog, add the Snyk org name + role associated with your Okta group (no spaces or capital letter(s)), following the syntax explained in [custom mapping](../) (or [legacy custom mapping](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md) if using the legacy mapping option). Example, `snyk:org:*:org_admin`.\
Adding Snyk roles

Adding Snyk roles

diff --git a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md index f7eb542642c5..cd851327adec 100644 --- a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md +++ b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md @@ -1,6 +1,6 @@ # Example: Setting up custom mapping for Google Workspace -The following shows how to use [custom mapping](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/) to map roles for a Google Workspace custom SAML connection. +The following shows how to use [custom mapping](../) to map roles for a Google Workspace custom SAML connection. For additional details and guidance, see the [Google documentation, Manage Custom User Fields](https://developers.google.com/admin-sdk/directory/v1/guides/manage-schemas). diff --git a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md index 668c9155eef5..fc66c230cb38 100644 --- a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md 
+++ b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md @@ -39,7 +39,7 @@ When you look at a user's Application assignment it should look similar to the i 1. On the main page of Okta select **Directory -> Groups**. 2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk SSO app,. Then click on the **pencil** next to the displayed Snyk SSO app. -3. In the **Edit App Assignment** dialog, add the Snyk Organization slug, and the Organization role name associated with your Okta group (no spaces or capital letters), following the syntax explained in [custom mapping ](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/)(or see [legacy custom mapping](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md) if you are using that option). +3. In the **Edit App Assignment** dialog, add the Snyk Organization slug, and the Organization role name associated with your Okta group (no spaces or capital letters), following the syntax explained in [custom mapping ](../)(or see [legacy custom mapping](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md) if you are using that option). 4. Repeat the preceding steps for all your applicable Okta groups to assign the org name and role combination to each user within each configured group. ### Construct a value expression that creates a roles array to be sent to Snyk 
diff --git a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md index 3c7335752523..f92cc430f8ae 100644 --- a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md +++ b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md @@ -6,7 +6,7 @@ OneLogin has the concept of **groups** and **roles**. However, OneLogin does not Therefore, roles will be assigned to users directly instead of indirectly through groups. -1. In OneLogin, go to the **Users** and then to the **Roles** section and create the roles following the naming convention outlined for [custom mapping](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/). Each role should have the Snyk SAML app enabled as the role app.\ +1. In OneLogin, go to the **Users** and then to the **Roles** section and create the roles following the naming convention outlined for [custom mapping](../). Each role should have the Snyk SAML app enabled as the role app.\ Assign the users to their roles as needed.
OneLogin Roles section

OneLogin Roles section

diff --git a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md index a706e11308cf..1cd91ba7cbc7 100644 --- a/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md +++ b/docs/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md @@ -18,7 +18,7 @@ Any step on the Snyk side in setting up the Enterprise application must be perfo
Add roles array

Add roles array

-3. In the left menu, select **Identities/Groups** and add the Snyk Groups needed following the syntax explained on the [Cusom Mapping Option](../../../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/) page. +3. In the left menu, select **Identities/Groups** and add the Snyk Groups needed following the syntax explained on the [Cusom Mapping Option](../) page.
Adding an example Group

Adding an example Group

4. If you so not select a **Population** at the bottom of the previous screen, ensure that you assign the Group to the user(s) who should be part of the role assignment in Snyk. If you select a **Population**, all users in that population will inherit the permissions of the assigned Snyk role. diff --git a/docs/snyk-admin/user-roles/user-role-management.md b/docs/snyk-admin/user-roles/user-role-management.md index a3c8c1664349..3e19ca885d22 100644 --- a/docs/snyk-admin/user-roles/user-role-management.md +++ b/docs/snyk-admin/user-roles/user-role-management.md @@ -159,7 +159,7 @@ If the user is not already a part of your Group, you must first add that user as Member roles are supported as part of a customized SSO authentication flow. All new and existing customers who have customized SSO can use new roles they create in their IDP SAML assertions to provision users in their Organizations with those roles. -For more details, see [Custom mapping](../../enterprise-configuration/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/) +For more details, see [Custom mapping](../../enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/) {% hint style="info" %} If you already have Custom SSO set up, or are planning to create Member roles after setting up Custom SSO, you can use Member roles with no modification to the Snyk Custom SSO configuration, provided you send the normalized role name in your payload in the agreed-upon format.
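Review bot: in the renamed `custom-mapping/README.md` (hunk `@@ -10,18 +10,18 @@`), the Legacy custom mapping link changes from the same-directory `legacy-custom-mapping.md` to a `../../../enterprise-configuration/...` path, so the page now climbs three levels back into the tree it just left. `docs/SUMMARY.md` has the same split: Custom mapping points at `enterprise-setup/` while the Legacy custom mapping entry on the next line still points at `enterprise-configuration/`. Either move `legacy-custom-mapping.md` in this change so the section stays in one directory, or state in the commit message that it stays behind on purpose. The diff also renames the page without touching any redirect configuration, so confirm that existing links to the old `enterprise-configuration/.../custom-mapping/` location still resolve.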
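Review bot: in the `@@ -9,7 +9,7 @@` hunk of `single-sign-on-sso-for-authentication-to-snyk/README.md`, the context paragraph links "Google G Suite" to an article on `community.snowflake.com`, which is another vendor's community page rather than Google's or Snyk's documentation. SSO setup instructions should send readers to an authoritative source, so while this file is open, point the link at Google's own documentation or at the Google Workspace setup page already listed in `SUMMARY.md`.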
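Review bot: step 3 in the `@@ -41,7 +41,7 @@` hunk of `example-setting-up-custom-mapping-for-an-okta-oidc-app.md` is rewritten here, but it still says "Snyk org name + role" while the custom mapping README hunk and the Okta SAML example both talk about the Organization slug. Since the line is already being touched, align the wording to "Organization slug". The only example on that line is `snyk:org:*:org_admin`, a wildcard paired with an admin role; readers copy examples verbatim, so consider adding a second example scoped to a single placeholder slug. The surrounding context also carries "Snyk OIDC app,." and the alt text "Group selected for modicification", which could be fixed in the same pass.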
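Review bot: the `+` line for step 3 in `example-setting-up-custom-mapping-for-okta.md` (hunk `@@ -39,7 +39,7 @@`) keeps the malformed link markup `[custom mapping ](../)(or see`, with a trailing space inside the link text and no space before the parenthesis. Change it to `[custom mapping](../) (or see`. Step 4 in the same hunk still says "org name and role combination" although step 3 asks for the Organization slug; use the same term in both steps.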
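Review bot: the `+` line for step 3 in `example-setting-up-custom-mapping-for-ping-identity.md` (hunk `@@ -18,7 +18,7 @@`) carries the typo "Cusom Mapping Option" over from the removed line. Fix it to "Custom Mapping Option" while the link is being rewritten, and correct "If you so not select" in step 4 of the same hunk. Step 4 also states that selecting a Population makes every user in it inherit the assigned Snyk role; that is worth a hint block so nobody grants a role more widely than intended.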
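Review bot: in `docs/snyk-admin/user-roles/user-role-management.md` (hunk `@@ -159,7 +159,7 @@`), the rewritten line "For more details, see [Custom mapping](...)" still ends without a period, and the hint that follows refers to "the agreed-upon format" without saying where that format is defined. Add the period and point the hint at the roles array syntax on the Custom mapping page that this line now links to. The paragraph above writes "IDP" where the other files in this patch use "IdP".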