livebook-dev/livebook
1
1
Fork 0
mirror of https://github.com/livebook-dev/livebook.git synced 2025-10-27 22:06:38 +08:00
Code Issues Projects Releases Packages Wiki Activity

Adds role requirement to auth docs

Browse source
This commit is contained in:
Hugo Baraúna 2025-03-03 17:16:57 -03:00
parent 882d254c23
commit 3eb574c1aa
2 changed files with 31 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
docs/teams/email_domain.md
View file

@ -21,14 +21,14 @@ Here's a quick demo of the feature:
To set up email domain authentication for your organization: To set up email domain authentication for your organization:
1. Log in to Livebook Teams. 1. Log in to Livebook Teams
2. Navigate to the **Authentication** panel. 2. Navigate to the **Authentication** panel (requires "admin" role in the organization)
3. Find the **Email domain** section. 3. Find the **Email domain** section
4. Click **Configure**. 4. Click **Configure**
5. Enter your company's email domain(s): 5. Enter your company's email domain(s):
- Add one domain per line (e.g., `acme.com`) - Add one domain per line (e.g., `acme.com`)
- You can add multiple domains if needed - You can add multiple domains if needed
6. Save your changes. 6. Save your changes
### 2. Configure your deployment group to authenticate via Livebook Teams ### 2. Configure your deployment group to authenticate via Livebook Teams
To enable email domain authentication, your deployment group must be configured to use authentication via Livebook Teams. To enable email domain authentication, your deployment group must be configured to use authentication via Livebook Teams.
@ -37,17 +37,17 @@ To enable email domain authentication, your deployment group must be configured
In order to do so, follow these steps: In order to do so, follow these steps:
1. Log in to Livebook Teams. 1. Log in to Livebook Teams
2. Navigate to the **Deployments** panel. 2. Navigate to the **Deployments** panel
3. Click **Edit** on the deployment group where you want to enable authentication. 3. Click **Edit** on the deployment group where you want to enable authentication
4. Ensure that **Authenticate via Livebook Teams** is enabled. 4. Ensure that **Authenticate via Livebook Teams** is enabled.
5. Save your changes. 5. Save your changes
### Test the integration ### Test the integration
To verify the integration is working, follow these steps: To verify the integration is working, follow these steps:
1. Navigate to an application deployed in a deployment group configured with email domain authentication. 1. Navigate to an application deployed in a deployment group configured with email domain authentication
2. The app server will redirect you to Livebook Teams for authentication. 2. The app server will redirect you to Livebook Teams for authentication
3. On the authentication page, you will see an option to sign in using your email provider. 3. On the authentication page, you will see an option to sign in using your email provider
4. Click the name of your email provider and follow the authentication steps. 4. Click the name of your email provider and follow the authentication steps
5. Once authentication is complete, your email provider will redirect you back to your app server, and you will be successfully signed in. 5. Once authentication is complete, your email provider will redirect you back to your app server, and you will be successfully signed in

34
docs/teams/oidc_sso.md
View file

@ -26,8 +26,8 @@ Go to your IdP admin, and register Livebook Teams as a Relying Party (client/app
Once thats done, you should retrieve the following information from the registration process: Once thats done, you should retrieve the following information from the registration process:
- **Client ID**: A unique identifier assigned to Livebook Teams by your IdP. - **Client ID**: A unique identifier assigned to Livebook Teams by your IdP
- **Client Secret**: A confidential key assigned to Livebook Teams by your IdP. - **Client Secret**: A confidential key assigned to Livebook Teams by your IdP
- **Discovery URL**: This is the OIDC metadata URL provided by your IdP. Usual format: `https://YOUR_IDP/.well-known/openid-configuration` - **Discovery URL**: This is the OIDC metadata URL provided by your IdP. Usual format: `https://YOUR_IDP/.well-known/openid-configuration`
### 2. Configure OIDC in Livebook Teams ### 2. Configure OIDC in Livebook Teams
@ -35,13 +35,13 @@ Once thats done, you should retrieve the following information from the regis
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/dNUcRD0A6kU?si=eNQ55-Aeg4I8PPgy" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe> <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/dNUcRD0A6kU?si=eNQ55-Aeg4I8PPgy" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
1. Log in to Livebook Teams 1. Log in to Livebook Teams
2. Go to the **Authentication** panel 2. Go to the **Authentication** panel (requires "admin" role in the organization)
3. Click **Add OIDC SSO** and provide the following details: 3. Click **Add OIDC SSO** and provide the following details:
- **Name**: A display name for your OIDC provider (e.g., Okta, Microsoft Entra, Keycloak). - **Name**: A display name for your OIDC provider (e.g., Okta, Microsoft Entra, Keycloak)
- **Discovery URL**: Use the discovery URL retrieved from your IdP. - **Discovery URL**: Use the discovery URL retrieved from your IdP
- **Client ID**: Use the Client ID retrieved from your IdP. - **Client ID**: Use the Client ID retrieved from your IdP
- **Client Secret**: Use the Client Secret retrieved from your IdP. - **Client Secret**: Use the Client Secret retrieved from your IdP
- **Enable this SSO provider**: Make sure this option is enabled. - **Enable this SSO provider**: Make sure this option is enabled
4. Save 4. Save
### 3. Configure your deployment group to authenticate via Livebook Teams ### 3. Configure your deployment group to authenticate via Livebook Teams
@ -52,18 +52,18 @@ To enable OIDC authentication, your deployment group must be configured to use a
In order to do so, follow these steps: In order to do so, follow these steps:
1. Log in to Livebook Teams. 1. Log in to Livebook Teams
2. Navigate to the **Deployments** panel. 2. Navigate to the **Deployments** panel
3. Click **Edit** on the deployment group where you want to enable authentication. 3. Click **Edit** on the deployment group where you want to enable authentication
4. Ensure that **Authenticate via Livebook Teams** is enabled. 4. Ensure that **Authenticate via Livebook Teams** is enabled
5. Save your changes. 5. Save your changes
### Test the integration with your OIDC IdP ### Test the integration with your OIDC IdP
To verify the integration is working, follow these steps: To verify the integration is working, follow these steps:
1. Navigate to an application deployed in a deployment group configured for OIDC authentication. 1. Navigate to an application deployed in a deployment group configured for OIDC authentication.
2. The app server will redirect you to Livebook Teams for authentication. 2. The app server will redirect you to Livebook Teams for authentication
3. On the authentication page, you will see an option to sign in using your configured OIDC provider. 3. On the authentication page, you will see an option to sign in using your configured OIDC provider
4. Click the name of your OIDC SSO configuration and follow the authentication steps provided by your IdP. 4. Click the name of your OIDC SSO configuration and follow the authentication steps provided by your IdP
5. Once authentication is complete, the IdP will redirect you back to your app server, and you will be successfully signed in. 5. Once authentication is complete, the IdP will redirect you back to your app server, and you will be successfully signed in