docs: Advertise SAML authentication as an official feature.

Fixes #13275.
This commit is contained in:
Tim Abbott 2019-10-29 16:23:07 -07:00
parent 4561652513
commit c7c6f01236
6 changed files with 25 additions and 21 deletions

View File

@ -36,9 +36,9 @@ are documented in your `settings.py`.
## SAML ## SAML
Zulip 2.1 and later has beta support for SAML authentication, used by Zulip 2.1 and later supports SAML authentication, used by Okta,
Okta, OneLogin, and many other IdPs (identity providers). You can OneLogin, and many other IdPs (identity providers). You can configure
configure it as follows: it as follows:
1. These instructions assume you have an installed Zulip server. You 1. These instructions assume you have an installed Zulip server. You
can have created an organization already using EmailAuthBackend, or can have created an organization already using EmailAuthBackend, or

View File

@ -38,9 +38,7 @@ prefilled with that value.
`AUTHENTICATION_BACKENDS`: Zulip supports a wide range of popular `AUTHENTICATION_BACKENDS`: Zulip supports a wide range of popular
options for authenticating users to your server, including Google options for authenticating users to your server, including Google
Auth, GitHub Auth, LDAP, REMOTE_USER, and more. Note, however, that Auth, GitHub Auth, LDAP, SAML, REMOTE_USER, and more.
the default (email) backend must be used when creating a new
organization.
If you want an additional or different authentication backend, you If you want an additional or different authentication backend, you
will need to uncomment one or more and then do any additional will need to uncomment one or more and then do any additional

View File

@ -240,6 +240,13 @@
by your choice of Zoom, Jitsi Meet, or Google Hangouts. by your choice of Zoom, Jitsi Meet, or Google Hangouts.
</p> </p>
</a> </a>
<a class="feature-block" href="/help/configure-authentication-methods" target="_blank">
<h3>FLEXIBLE AUTHENTICATION</h3>
<p>
Supported authentication providers include LDAP, SAML,
Google, GitHub, and more.
</p>
</a>
<a class="feature-block" href="/help/import-from-slack" target="_blank"> <a class="feature-block" href="/help/import-from-slack" target="_blank">
<h3>DATA IMPORT</h3> <h3>DATA IMPORT</h3>
<p> <p>
@ -296,7 +303,6 @@
<!--Hack: These two pseudo elements are here to ensure the flex <!--Hack: These two pseudo elements are here to ensure the flex
arrangment uses the proper cell size with 4 elements in 2 rows.--> arrangment uses the proper cell size with 4 elements in 2 rows.-->
<div class="feature-block"></div> <div class="feature-block"></div>
<div class="feature-block"></div>
</section> </section>
</div> </div>
{% endblock %} {% endblock %}

View File

@ -2,13 +2,13 @@
{!admin-only.md!} {!admin-only.md!}
By default, Zulip allows logging in via email/password, your Google account, By default, Zulip allows logging in via email/password, your Google
or your GitHub account. You can restrict users to logging in via only a account, or your GitHub account. You can restrict users to logging in
subset of these methods. via only a subset of these methods.
LDAP and other SSO login methods are currently restricted to self-hosted LDAP and various custom SSO login methods are currently restricted to
Zulips only, though contact us at support@zulipchat.com if that is a self-hosted Zulips only. SAML authentication is supported by Zulip
blocker. Cloud but requires contacting support@zulipchat.com to configure it.
**Note:** If you are running your own server, **Note:** If you are running your own server,
[read this](https://zulip.readthedocs.io/en/latest/production/authentication-methods.html) [read this](https://zulip.readthedocs.io/en/latest/production/authentication-methods.html)

View File

@ -4,8 +4,8 @@ By default, Zulip allows you to log with an email/password pair, a Google accoun
a GitHub account. a GitHub account.
Organization administrators can Organization administrators can
[add other authentication methods](configure-authentication-methods), [add other authentication methods](/help/configure-authentication-methods),
including SSO or LDAP integration, or disable any of the methods above. including the SAML and LDAP integrations, or disable any of the methods above.
You can log in with any method allowed by your organization, regardless of You can log in with any method allowed by your organization, regardless of
how you signed up. E.g. if you originally signed up using your Google how you signed up. E.g. if you originally signed up using your Google

View File

@ -63,13 +63,13 @@ priority.
## Authentication ## Authentication
- Zulip supports integrated single sign-on with Google, GitHub, and Active - Zulip supports integrated single sign-on with Google, GitHub, SAML
Directory/LDAP. SAML and Okta authentication are coming soon. With Zulip (including Okta), AzureAD, and Active Directory/LDAP. With Zulip
on-premise, we can support any of the 100+ authentication tools supported on-premise, we can support any of the 100+ authentication tools
by supported by
[python-social-auth](https://python-social-auth-docs.readthedocs.io/en/latest/backends/index.html#social-backends) [python-social-auth](https://python-social-auth-docs.readthedocs.io/en/latest/backends/index.html#social-backends)
as well as as well as [any SSO service that has a plugin for
[any SSO service that has a plugin for Apache][apache-sso]. Apache][apache-sso].
- Zulip uses the zxcvbn password strength checker by default, and supports - Zulip uses the zxcvbn password strength checker by default, and supports
customizing users password strength requirements. See our documentation customizing users password strength requirements. See our documentation
on on