diff --git a/packages/docusaurus/docs/03-Pangolin/06-Identity Providers/02-auto-provision.md b/packages/docusaurus/docs/03-Pangolin/06-Identity Providers/02-auto-provision.md index bf39f96..e7ec0bd 100644 --- a/packages/docusaurus/docs/03-Pangolin/06-Identity Providers/02-auto-provision.md +++ b/packages/docusaurus/docs/03-Pangolin/06-Identity Providers/02-auto-provision.md @@ -14,7 +14,7 @@ If auto provision is disabled, organization admins will need to manually create ## Selection Algorithm -It helpful to think of the auto provisioning process as follows: +It is helpful to think of the auto provisioning process as follows: 1. User successfully logs in using an identity provider. 2. Pangolin creates a user account for the user. @@ -152,4 +152,4 @@ contains(groups, '{{orgId}}') } ``` -The `{{orgId}}` placeholder will be replaced with the organization ID when the expression is evaluated. +When Pangolin evaluates this expression against the "home-lab" organization, it will replace `{{orgId}}` with "home-lab". The result of the expression will return true since the user is a member of the "home-lab" group. diff --git a/packages/docusaurus/docs/03-Pangolin/06-Identity Providers/03-openid-connect.md b/packages/docusaurus/docs/03-Pangolin/06-Identity Providers/03-Providers/01-openid-connect.md similarity index 87% rename from packages/docusaurus/docs/03-Pangolin/06-Identity Providers/03-openid-connect.md rename to packages/docusaurus/docs/03-Pangolin/06-Identity Providers/03-Providers/01-openid-connect.md index c438a95..69c41cd 100644 --- a/packages/docusaurus/docs/03-Pangolin/06-Identity Providers/03-openid-connect.md +++ b/packages/docusaurus/docs/03-Pangolin/06-Identity Providers/03-Providers/01-openid-connect.md 
@@ -17,10 +17,10 @@ Use JMESPath to select attributes from the claims token. See [JMESPath](https:// Determine how to access information from the claims token returned by the identity provider. This is used to map the user information from the identity provider to the user information in Pangolin. -- Identifer Path +- Identifer Path (required) - This must be unique each user within an identity provider. -- Email Path -- Name Path -- Scopes +- Email Path (optional) +- Name Path (optional) +- Scopes (not JMESPath; must be space-delimited strings) - The scopes to request from the identity provider. - Generally, `openid profile email` is sufficient.
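Review bot: In the `@@ -152,4 +152,4 @@` hunk of 02-auto-provision.md, the replacement sentence covers only the "home-lab" case and drops the general rule the removed line stated, that `{{orgId}}` is replaced with the organization ID when the expression is evaluated. Consider keeping that general sentence and following it with the home-lab example, so the substitution rule is not left to be inferred from a single case. "The result of the expression will return true" would also read better as "The expression returns true".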
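Review bot: The rename of 03-openid-connect.md to 03-Providers/01-openid-connect.md changes the document's path, and the visible part of this patch does not touch any link that points at the old location. Before merging, search the docs for references to the old `03-openid-connect.md` path and update them, since a stale link to identity provider setup instructions is easy to miss.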
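Review bot: In the `@@ -17,10 +17,10 @@` hunk of the renamed openid-connect.md, the added line `- Identifer Path (required)` keeps the "Identifer" misspelling; since the line is being rewritten anyway, change it to "Identifier Path (required)". The unchanged line below it, "This must be unique each user within an identity provider", is missing "for" and could be fixed in the same pass. On the Scopes line, "must be space-delimited strings" reads as several values, while the `openid profile email` example is one string; "a single space-delimited string" would match it.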