Add Identity Center integration docs #48951
Conversation
|
🤖 Vercel preview here: https://docs-5ta1llxbv-goteleport.vercel.app/docs/ver/preview |
r0mant
added
the
no-changelog
|
🤖 Vercel preview here: https://docs-pr55qcnal-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-9mk3w154e-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-pwaf3zxfh-goteleport.vercel.app/docs/ver/preview |
github-actions
bot
requested review from
mmcallister,
ptgott,
xinding33 and
zmb3
|
🤖 Vercel preview here: https://docs-1whwii91x-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-3dv9w5brz-goteleport.vercel.app/docs/ver/preview |
| @@ -0,0 +1,285 @@ | |||
| --- | |||
There was a problem hiding this comment.
Do we need to pin the mdx file in our config.json ?https://github.com/gravitational/teleport/blob/master/docs/config.json#L2284
There was a problem hiding this comment.
That's the redirect configuration. Since this is a new page, there doesn't need to be a redirect. The sidebar is automatically generated for the admin-guides section.
There was a problem hiding this comment.
Yeah, navigation is generated automatically now.
docs/pages/admin-guides/management/guides/aws-iam-identity-center.mdx
Outdated
Show resolved
Hide resolved
| allows you to organize and manage your users' short- and long-term access to AWS | ||
| accounts and their permissions. | ||
|
|
||
| With the Identity Center integration you can grant or revoke persistent access |
There was a problem hiding this comment.
nit: following the plugin enrollment UI changes where I updated all the occurrence of "Identity Center" as "AWS IAM Identity Center", that might apply to this docs too.
There was a problem hiding this comment.
I did use the full name in a few places but using it everywhere throughout the guide I thought would be too verbose so opted for a shorter version mostly. I'm sure readers will understand what Identity Center refers to.
docs/pages/admin-guides/management/guides/aws-iam-identity-center.mdx
Outdated
Show resolved
Hide resolved
| removed from such Access Lists will be added to or removed from corresponding | ||
| Identity Center groups. | ||
|
|
||
| For short-term access, users can go through Teleport's standard Access Request |
There was a problem hiding this comment.
I am not entirely sure to mention role/resource access request before v17.1. We might support before that but mentioning it right now risks confusion about what is supported and what is not. wdyt?
There was a problem hiding this comment.
Role requests should work? Permission set requests I have a note about that says they will be coming later.
docs/pages/admin-guides/management/guides/aws-iam-identity-center.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/management/guides/aws-iam-identity-center.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/management/guides/aws-iam-identity-center.mdx
Outdated
Show resolved
Hide resolved
| sets, for example: | ||
|
|
||
| ```yaml | ||
| kind: role |
There was a problem hiding this comment.
I've seen sub_kind: aws_identity_center added to the generated role. Is that needed or not? Can you confirm @tcsc @smallinsky
There was a problem hiding this comment.
I don't think it's required in the user-defined roles.
docs/img/identity-center/ic-app.png
Outdated
There was a problem hiding this comment.
Nit: This might be a matter of taste, but I would remove the browser frames from the images so they seem more impersonal. For me, impersonal is more appropriate for docs, while personal is more appropriate for a blog.
There was a problem hiding this comment.
I like the way macOS takes screenshots of full pages but I agree that I should've hid bookmarks bar and maybe pick a more generic cluster name.
I'd rather not re-do 8 screenshots right now - there are some UI tweaks that this integration will be getting over next weeks, we'll update then.
| To avoid access interruptions, we recommend making sure that all existing | ||
| Identity Center users have access to your Teleport cluster by e.g. using | ||
| the same [IdP](../../access-controls/sso/sso.mdx) as your current Identity Center | ||
| external identity source. |
There was a problem hiding this comment.
Should this be in the Prerequisites?
There was a problem hiding this comment.
There was a similar note under the "How it works" section but I moved it to "Prerequisites". I think it's useful to call attention to it here as well.
docs/pages/admin-guides/management/guides/aws-iam-identity-center.mdx
Outdated
Show resolved
Hide resolved
public-teleport-github-review-bot
bot
removed request for
tcsc,
mmcallister,
zmb3 and
xinding33
|
🤖 Vercel preview here: https://docs-25nxspkab-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-daku9xw6m-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-qzqobmxpe-goteleport.vercel.app/docs/ver/preview |
Closes https://github.com/gravitational/teleport.e/issues/5417.