Merge pull request #109 from auth0/DOCS-5080-UAP

Verified UAP update

Author: avanscoy

main/docs.json

@@ -805,7 +805,8 @@
                           "docs/authenticate/enterprise-connections/self-service-SSO/manage-self-service-sso"
                         ]
                       },
-                      "docs/authenticate/enterprise-connections/private-key-jwt-client-auth"
+                      "docs/authenticate/enterprise-connections/private-key-jwt-client-auth",
+                      "docs/authenticate/enterprise-connections/user-attribute-profile"
                     ]
                   },
                   {

main/docs/authenticate/enterprise-connections/self-service-SSO.mdx

@@ -1,14 +1,13 @@
 ---
-description: Learn how to use Self-Service Single Sign-On to delegate SSO setup
-  to your B2B customers.
+description: Learn how to use Self-Service Single Sign-On to delegate SSO setup to your B2B customers.
+'og:description': Learn how to use Self-Service Single Sign-On to delegate SSO setup to your B2B customers.
 'og:image': https://cdn2.auth0.com/docs/1.14553.0/img/share-image.png
 'og:title': Self-Service Single Sign-On
 'og:url': https://auth0.com/docs/
 permalink: self-service-SSO
 sidebarTitle: Overview
 title: Self-Service Single Sign-On
-'twitter:description': Learn how to use Self-Service Single Sign-On to delegate SSO
-  setup to your B2B customers.
+'twitter:description': Learn how to use Self-Service Single Sign-On to delegate SSO setup to your B2B customers.
 'twitter:title': Self-Service Single Sign-On
 ---
 Self-Service <Tooltip tip="Single Sign-On (SSO): Service that, after a user logs into one applicaton, automatically logs that user in to other applications." cta="View Glossary" href="/docs/glossary?term=Single+Sign-On">Single Sign-On</Tooltip> (SSO) provides business-to-business (B2B) customers with the tools needed to delegate SSO setup to their enterprise customers. By delegating this task, you can streamline your onboarding process and grant customers more autonomy over their sign-on experience. You can also reduce the time and costs associated with managing SSO across your customer base.
@@ -26,6 +25,8 @@ Users with the following Dashboard roles can engage with this feature:
 
 </Callout>
 
+To learn more about Auth0’s subscription, read [Manage Subscriptions](/docs/troubleshoot/customer-support/manage-subscriptions). To upgrade your subscriptions, contact your Technical Account Manager or [Auth0 Sales](https://auth0.com/get-started?place=header&type=button&text=talk%20to%20sales).
+
 **Supported Providers**
 
 Self-Service SSO currently supports the following <Tooltip tip="Identity Provider (IdP): Service that stores and manages digital identities." cta="View Glossary" href="/docs/glossary?term=identity+providers">identity providers</Tooltip>:
@@ -39,6 +40,13 @@ Self-Service SSO currently supports the following <Tooltip tip="Identity Provide
 * Generic OIDC
 * Generic <Tooltip tip="Security Assertion Markup Language (SAML): Standardized protocol allowing two parties to exchange authentication information without a password." cta="View Glossary" href="/docs/glossary?term=SAML">SAML</Tooltip>
 
+Self-Service Provisioning currently supports the following identity providers:
+* Okta Workforce Identity (using OIDC)
+* Entra ID
+* Generic OIDC
+* Generic SAML
+
+
 ## How it works
 
 Self-Service SSO uses the following components to delegate setup to your customers:
@@ -57,7 +65,7 @@ The steps below provide the general workflow for using Self-Service SSO. These t
 4. Your customer admin launches the self-service assistant via the ticket URL and follows the steps provided to configure their connection and optionally complete domain verification.
 5. A new or updated Enterprise connection pointing to the customer’s application becomes available in your Auth0 tenant.
 
-<Frame>![Workflow diagram for the Self-Service SSO feature.](/images/cdy7uua7fh8z/3uW0vtLnF2O362NCxJSbqc/b4414234f4a7155e6c5f496b1acec058/Self-Service_SSO_Workflow_-_Diagram__Updated_s.png)</Frame>
+<Frame>![Workflow diagram for the Self-Service SSO feature.](/images/cdy7uua7fh8z/Self-Service-SSO-Workflow.png)</Frame>
 
 ## Self-service assistant experience
 
@@ -71,43 +79,62 @@ While the exact requirements for configuring SSO vary by IdP, the general workfl
 4. **Claims Mapping**: The customer admin reviews the required and optional user attributes they must capture through their SSO connection. Then, they map these user attributes, or claims, in their IdP system.
 5. **Assign Access**: The customer admin follows the written instructions for their IdP system to grant users or user groups access to your application.
 6. **Test SSO**: The customer admin uses the button provided to test their SSO connection in a new tab. Unless domain verification is enabled, the customer admin can complete the setup process after this step to enable their connection.
-7. **(Optional) Domain Verification**: The customer admin provides their domain and submits it for verification. Domain verification helps enhance overall security by ensuring customers provide legitimate domains during setup. Depending on how you (the Auth0 customer) configured domain verification when generating the access ticket, this experience can vary for customer admins:
+7. **(Optional) Provisioning**: The customer administrator configures user provisioning for their connection by following the provided instructions:
+   * Create the application in their IdP.
+   * Generate a SCIM bearer token in the assistant and copy the SCIM bearer token and SCIM endpoint URL into their IdP’s configuration.
+   * Review the required and optional attributes defined in the User Attribute Profile (UAP). Map these attributes to the corresponding SCIM fields in their IdP system.
+8. **(Optional) Domain Verification**: The customer admin provides their domain and submits it for verification. Domain verification helps enhance overall security by ensuring customers provide legitimate domains during setup. Depending on how you (the Auth0 customer) configured domain verification when generating the access ticket, this experience can vary for customer admins:
 
-   * **If domain verification is set to Required**: The customer admin must complete domain verification before they can enable the connection.
-   * **If domain verification is set to Optional**: The customer admin can choose to either enter their domain for verification or skip this step. In both cases, the customer admin can enable their connection regardless of its verification status.
-   * **If domain verification is set to Off:** If domain verification was not enabled at all, this step does not appear to the customer admin and their flow ends with Step 6 above. To learn more, review [Manage Self-Service SSO](/docs/authenticate/enterprise-connections/self-service-SSO/manage-self-service-sso).
+   * **If domain verification is set to Required**: The customer admin must complete domain verification before they can enable the connection.
+   * **If domain verification is set to Optional**: The customer admin can choose to either enter their domain for verification or skip this step. In both cases, the customer admin can enable their connection regardless of its verification status.
+   * **If domain verification is set to Off:** If domain verification was not enabled at all, this step does not appear to the customer admin and their flow ends with Step 6 above. To learn more, review [Manage Self-Service SSO](/docs/authenticate/enterprise-connections/self-service-SSO/manage-self-service-sso).
 
 ### Example self-service assistant flow
 
 The images below demonstrate an example self-service assistant experience. In this example, a customer admin configures SSO with Okta Workforce as their IdP.
 
-**1. Select Identity Provider**
+**1. Select Single Sign-On**
+<Frame>![Enterprise-Connection>Self-Service-SSO](/images/cdy7uua7fh8z/Enterprise-connections>Self-Service-SSO>IdP.png)</Frame>
+
+**2. Select Identity Provider**
+
+<Frame>![The first step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/self-service-sso-select-idp.png)</Frame>
+
+**3. Create Application (truncated)**
+
+<Frame>![The second step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/Self-Service-SSO-create-application.png)</Frame>
+
+**4. Configure Connection**
+
+<Frame>![The third step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/Self-Service-SSO-configure-connection.png)</Frame>
+
+**5. Claims Mapping**
 
-<Frame>![The first step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/5abjV7qR9EctPJVAZ7PcyF/d1166b97996522e2f7428dc273a3a6bc/1._Select_IdP.png)</Frame>
+<Frame>![The fourth step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/Self-Service-SSO-claims-mapping.png)</Frame>
 
-**2. Create Application (truncated)**
+**6. Assign Access**
 
-<Frame>![The second step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/6f7N1bJGLcNnyRQDTMQUzj/a4d7277db28cfacb5b5d33d64fc3f776/2._Create_App.png)</Frame>
+<Frame>![The fifth step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/Self-Service-SSO-assign-access.png)</Frame>
 
-**3. Configure Connection**
+**7. Test SSO**
 
-<Frame>![The third step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/4yH2PIBAq0ZJy1DwltqhV7/5a04bc9c3f3b7e64b40bab083f95d5f9/3._Configure_Connection.png)</Frame>
+<Frame>![The sixth step of the self-service assistant that customer admins use to configure SSO. -](main/images/cdy7uua7fh8z/Self-Service-SSO-Test-SSO.png)</Frame>
 
-**4. Claims Mapping**
+**8. Provisioning - Create Application**
 
-<Frame>![The fourth step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/2hD5XyQTkJjC0Wqu5DW35i/4daa33b8aab6466e590476ab202a2d5f/4._Claims_Mapping.png)</Frame>
+<Frame>![Create an application to provision users.](/images/cdy7uua7fh8z/Self-Service-SSO-Provisioning-Create-App.png)</Frame>
 
-**5. Assign Access**
+**9. Provisioning - Configure SCIM**
 
-<Frame>![The fifth step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/1Nl5pd6838RjOBN77xgGru/eef2e5c79ffd8eb81b0c0051d1627813/5._Assign_Access.png)</Frame>
+<Frame>![Confgure SCIM to provision users to your application.](/images/cdy7uua7fh8z/Self-Service-SSO-Provisioning-configure-scim.png)</Frame>
 
-**6. Test SSO**
+**10. Provisioning - SCIM Mapping**
 
-<Frame>![The sixth step of the self-service assistant that customer admins use to configure SSO. -](/images/cdy7uua7fh8z/3psjIT7vLGa1SyiFUpbjN3/494904c035f3073c0118180dd0ab2d4b/6._Test_SSO.png)</Frame>
+<Frame>![Map user attributes to guarantee attributes are passed from IdP to SP.](/images/cdy7uua7fh8z/Self-Service-SSO-Provisioning-SCIM-mapping.png)</Frame>
 
-**7. Domain Verification**
+**11. Domain Verification**
 
-<Frame>![The last step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/22T4stfnUGgDmYRtU4pO9B/aaf397b2a7d4f678178ef5b41c650ab9/7._Domain_Verification.png)</Frame>
+<Frame>![The last step of the self-service assistant that customer admins use to configure SSO. ](/images/cdy7uua7fh8z/Self-Service-SSO-domain-verification.png)</Frame>
 
 ## Using Self-Service SSO