DOCSP-20679 Authentication Page (#382)

jocelyn-mendez1 · Jocelyn Mendez · jeff-allen-mongo · commit e53f27522219 · 2022-04-04T16:50:16.000-04:00
* DOCSP-20679 authentication mechanism * DOCSP-20679 authentication mechanism * DOCSP-20679 nit changes * DOCSP-20679 added spacing * DOCSP-20679 technical changes * DOCSP-20679 technical changes * DOCSP-20679 technical changes * DOCSP-20679 clarifications after tech feedback * DOCSP-20679 clarifications after tech feedback * DOCSP-20679 clarifications after tech feedback * DOCSP-20679 nit changes * DOCSP-20679 nit change Co-authored-by: Jocelyn Mendez <jocelyn.mendez@Jocelyns-MacBook-Pro.local>
diff --git a/source/connect/authentication-connection.txt b/source/connect/authentication-connection.txt
@@ -13,3 +13,184 @@ Authentication Connection Tab
    :class: singlecol
 
 
+The :guilabel:`Authentication` tab allows you to connect to deployments that 
+require authentication. To learn about authentication mechanisms within MongoDB,
+see :manual:`Authentication Mechanisms </core/authentication/#authentication-mechanisms>`.
+
+Procedure
+---------
+
+.. procedure::
+   :style: normal
+
+   .. step:: Click :guilabel:`Advanced Connection Options`.
+
+      .. figure:: /images/compass/advanced-connection-options.png
+         :figwidth: 690px
+         :alt: New Advanced Connection Options
+
+   .. step:: Click the :guilabel:`Authentication` tab.
+
+      Select your authentication method from the following options: 
+      
+      - :ref:`Username / Password <username-password>`
+      
+      - :ref:`X.509 <x509>`
+      
+      - :ref:`Kerberos <kerberos-authentication>`
+      
+      - :ref:`LDAP <ldap-authentication>`
+      
+      - :ref:`AWS IAM <aws-iam-authentication>`
+
+      .. _username-password:
+
+      Username / Password 
+      ~~~~~~~~~~~~~~~~~~~
+
+      Provide the following information:
+
+      - Username
+
+      - Password
+
+      - (Optional) :manual:`Authentication Database </core/security-users/#authentication-database>`
+
+      - Authentication Mechancism:
+         
+        - Default
+
+          |
+
+          The ``Default`` setting selects the first authentication mechanism 
+          supported by the server according to an order of preference. 
+          
+          |
+
+          With the ``Default`` setting, MongoDB tries to authenticate using
+          the following mechanisms in the order they are listed:
+
+          1. ``SCRAM-SHA-256``
+          
+          #. ``SCRAM-SHA-1``
+
+          #. ``MONGODB-CR``
+          
+          |
+
+        - :manual:`SCRAM-SHA-1 </core/security-scram/>`
+
+        - :manual:`SCRAM-SHA-256 </core/security-scram/>`
+
+      .. _x509:
+
+      X.509
+      ~~~~~
+
+      Select :guilabel:`X.509` if the deployment uses :manual:`X.509 
+      </core/security-x.509/>` as its authentication mechanism.
+
+      .. note:: 
+
+         X.509 Authentication requires a client certificate. To enable 
+         TLS and add a client certificate, see the :ref:`TLS / SSL tab <tls-ssl-tab>`
+         in |compass-short|.
+
+      .. _kerberos-authentication:
+
+      Kerberos
+      ~~~~~~~~
+
+      Select :guilabel:`Kerberos` if the deployment uses :manual:`Kerberos 
+      </core/kerberos/>` as its authentication mechanism. 
+
+      Provide the following information:
+
+      .. list-table::
+         :header-rows: 1
+         :widths: 50, 50
+
+         * - Field
+           - Description
+
+         * - Principal
+           - Every participant in the authenticated communication is known as a 
+             "principal", and every principal must have a unique name. 
+
+         * - (Optional) Service Name
+           - Every MongoDB :binary:`mongod` and :binary:`mongos` instance 
+             (or exe or exe on Windows) must have an associated service name. The 
+             default is ``mongodb``. 
+
+         * - (Optional) Canonicalize Host Name
+           - Kerberos uses the canonicalized form of the host name ``(cname)`` 
+             when constructing the principal for |compass|. 
+
+         * - (Optional) Service Realm 
+           - The service realm is the domain over which a Kerberos authentication 
+             server has the authority to authenticate a user.
+
+             If you choose to :guilabel:`Canonicalize Host Name`, you can specify 
+             one of the following options:
+
+             .. list-table::
+                :header-rows: 1
+                :widths: 50 50
+
+                * - Option
+                  - Description 
+
+                * - Forward
+                  - The driver does a ``cname`` lookup on the kerberos hostname.
+
+                * - Forward and Reverse
+                  - Performs a forward DNS lookup and then a reverse lookup on that 
+                    value to canonicalize the hostname.
+                    
+             For more information on principal name canonicalization in Kerberos, see 
+             this `RFC document <https://tools.ietf.org/html/rfc6806.html>`__.
+      
+         * - (Optional) Provide password directly
+           - Used to verify your identity. 
+
+      .. _ldap-authentication:
+
+      LDAP
+      ~~~~
+
+      Select :guilabel:`LDAP` if the deployment uses :manual:`LDAP 
+      </core/security-ldap-external/>` as its authentication mechanism. 
+
+      Provide the following information:
+
+      - Username
+
+      - Password
+
+      .. _aws-iam-authentication:
+
+      AWS IAM  
+      ~~~~~~~
+
+      Select :guilabel:`AWS IAM` if the deployment uses `AWS IAM 
+      <https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html>`__ as 
+      its authentication mechanism. 
+      
+      The following fields are optional as they can be defined on your platform 
+      using their respective AWS IAM environment variables. |compass| will 
+      use these environment variable values to authenticate; you do not 
+      need to specify them in the connection string.
+
+      - (Optional) AWS Access Key Id
+      
+      - (Optional) AWS Secret Access Key 
+
+      - (Optional) AWS Session Token
+
+   .. step:: (Optional) For advanced connection configuration options, click the :ref:`Advanced <advanced-connection-tab>` tab.
+
+   .. step:: Click Connect.
+
+.. seealso::
+
+   To disconnect from your deployment, see :ref:`<disconnect-tab>`.
diff --git a/source/connect/ssh-connection.txt b/source/connect/ssh-connection.txt
@@ -1,8 +1,8 @@
 .. _ssh-connection:
 
-=========================
-SSH Tunnel Connection Tab
-=========================
+=================================
+Proxy / SSH Tunnel Connection Tab
+=================================
 
 .. default-domain:: mongodb
 
diff --git a/source/connect/tls-ssl-connection.txt b/source/connect/tls-ssl-connection.txt
@@ -1,8 +1,8 @@
 .. _tls-ssl-tab:
 
-======================
-TLS/SSL Connection Tab
-======================
+========================
+TLS / SSL Connection Tab
+========================
 
 .. default-domain:: mongodb
 
@@ -11,3 +11,29 @@ TLS/SSL Connection Tab
    :backlinks: none
    :depth: 1
    :class: singlecol
+
+The :guilabel:`TLS / SSL` tab allows you to connect deployments via TLS / SSL.
+
+Procedure
+---------
+
+.. procedure::
+   :style: normal
+
+   .. step:: Click :guilabel:`Advanced Connection Options`.
+
+      .. figure:: /images/compass/advanced-connection-options.png
+         :figwidth: 690px
+         :alt: New Advanced Connection Options
+
+   .. step:: Click the :guilabel:`TLS / SSL` tab.
+
+      You have the option to use a ``Default`` connection or to set the TLS / SSL 
+      connection ``On`` or ``Off``. 
+
+      Default
+      ~~~~~~~
+
+      
+
+
