mirror of https://github.com/zulip/zulip.git
docs: Advertise SAML authentication as an official feature.
Fixes #13275.
This commit is contained in:
parent
4561652513
commit
c7c6f01236
|
@ -36,9 +36,9 @@ are documented in your `settings.py`.
|
||||||
|
|
||||||
## SAML
|
## SAML
|
||||||
|
|
||||||
Zulip 2.1 and later has beta support for SAML authentication, used by
|
Zulip 2.1 and later supports SAML authentication, used by Okta,
|
||||||
Okta, OneLogin, and many other IdPs (identity providers). You can
|
OneLogin, and many other IdPs (identity providers). You can configure
|
||||||
configure it as follows:
|
it as follows:
|
||||||
|
|
||||||
1. These instructions assume you have an installed Zulip server. You
|
1. These instructions assume you have an installed Zulip server. You
|
||||||
can have created an organization already using EmailAuthBackend, or
|
can have created an organization already using EmailAuthBackend, or
|
||||||
|
|
|
@ -38,9 +38,7 @@ prefilled with that value.
|
||||||
|
|
||||||
`AUTHENTICATION_BACKENDS`: Zulip supports a wide range of popular
|
`AUTHENTICATION_BACKENDS`: Zulip supports a wide range of popular
|
||||||
options for authenticating users to your server, including Google
|
options for authenticating users to your server, including Google
|
||||||
Auth, GitHub Auth, LDAP, REMOTE_USER, and more. Note, however, that
|
Auth, GitHub Auth, LDAP, SAML, REMOTE_USER, and more.
|
||||||
the default (email) backend must be used when creating a new
|
|
||||||
organization.
|
|
||||||
|
|
||||||
If you want an additional or different authentication backend, you
|
If you want an additional or different authentication backend, you
|
||||||
will need to uncomment one or more and then do any additional
|
will need to uncomment one or more and then do any additional
|
||||||
|
|
|
@ -240,6 +240,13 @@
|
||||||
by your choice of Zoom, Jitsi Meet, or Google Hangouts.
|
by your choice of Zoom, Jitsi Meet, or Google Hangouts.
|
||||||
</p>
|
</p>
|
||||||
</a>
|
</a>
|
||||||
|
<a class="feature-block" href="/help/configure-authentication-methods" target="_blank">
|
||||||
|
<h3>FLEXIBLE AUTHENTICATION</h3>
|
||||||
|
<p>
|
||||||
|
Supported authentication providers include LDAP, SAML,
|
||||||
|
Google, GitHub, and more.
|
||||||
|
</p>
|
||||||
|
</a>
|
||||||
<a class="feature-block" href="/help/import-from-slack" target="_blank">
|
<a class="feature-block" href="/help/import-from-slack" target="_blank">
|
||||||
<h3>DATA IMPORT</h3>
|
<h3>DATA IMPORT</h3>
|
||||||
<p>
|
<p>
|
||||||
|
@ -296,7 +303,6 @@
|
||||||
<!--Hack: These two pseudo elements are here to ensure the flex
|
<!--Hack: These two pseudo elements are here to ensure the flex
|
||||||
arrangment uses the proper cell size with 4 elements in 2 rows.-->
|
arrangment uses the proper cell size with 4 elements in 2 rows.-->
|
||||||
<div class="feature-block"></div>
|
<div class="feature-block"></div>
|
||||||
<div class="feature-block"></div>
|
|
||||||
</section>
|
</section>
|
||||||
</div>
|
</div>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
|
@ -2,13 +2,13 @@
|
||||||
|
|
||||||
{!admin-only.md!}
|
{!admin-only.md!}
|
||||||
|
|
||||||
By default, Zulip allows logging in via email/password, your Google account,
|
By default, Zulip allows logging in via email/password, your Google
|
||||||
or your GitHub account. You can restrict users to logging in via only a
|
account, or your GitHub account. You can restrict users to logging in
|
||||||
subset of these methods.
|
via only a subset of these methods.
|
||||||
|
|
||||||
LDAP and other SSO login methods are currently restricted to self-hosted
|
LDAP and various custom SSO login methods are currently restricted to
|
||||||
Zulips only, though contact us at support@zulipchat.com if that is a
|
self-hosted Zulips only. SAML authentication is supported by Zulip
|
||||||
blocker.
|
Cloud but requires contacting support@zulipchat.com to configure it.
|
||||||
|
|
||||||
**Note:** If you are running your own server,
|
**Note:** If you are running your own server,
|
||||||
[read this](https://zulip.readthedocs.io/en/latest/production/authentication-methods.html)
|
[read this](https://zulip.readthedocs.io/en/latest/production/authentication-methods.html)
|
||||||
|
|
|
@ -4,8 +4,8 @@ By default, Zulip allows you to log with an email/password pair, a Google accoun
|
||||||
a GitHub account.
|
a GitHub account.
|
||||||
|
|
||||||
Organization administrators can
|
Organization administrators can
|
||||||
[add other authentication methods](configure-authentication-methods),
|
[add other authentication methods](/help/configure-authentication-methods),
|
||||||
including SSO or LDAP integration, or disable any of the methods above.
|
including the SAML and LDAP integrations, or disable any of the methods above.
|
||||||
|
|
||||||
You can log in with any method allowed by your organization, regardless of
|
You can log in with any method allowed by your organization, regardless of
|
||||||
how you signed up. E.g. if you originally signed up using your Google
|
how you signed up. E.g. if you originally signed up using your Google
|
||||||
|
|
|
@ -63,13 +63,13 @@ priority.
|
||||||
|
|
||||||
## Authentication
|
## Authentication
|
||||||
|
|
||||||
- Zulip supports integrated single sign-on with Google, GitHub, and Active
|
- Zulip supports integrated single sign-on with Google, GitHub, SAML
|
||||||
Directory/LDAP. SAML and Okta authentication are coming soon. With Zulip
|
(including Okta), AzureAD, and Active Directory/LDAP. With Zulip
|
||||||
on-premise, we can support any of the 100+ authentication tools supported
|
on-premise, we can support any of the 100+ authentication tools
|
||||||
by
|
supported by
|
||||||
[python-social-auth](https://python-social-auth-docs.readthedocs.io/en/latest/backends/index.html#social-backends)
|
[python-social-auth](https://python-social-auth-docs.readthedocs.io/en/latest/backends/index.html#social-backends)
|
||||||
as well as
|
as well as [any SSO service that has a plugin for
|
||||||
[any SSO service that has a plugin for Apache][apache-sso].
|
Apache][apache-sso].
|
||||||
- Zulip uses the zxcvbn password strength checker by default, and supports
|
- Zulip uses the zxcvbn password strength checker by default, and supports
|
||||||
customizing users’ password strength requirements. See our documentation
|
customizing users’ password strength requirements. See our documentation
|
||||||
on
|
on
|
||||||
|
|
Loading…
Reference in New Issue