update oauth2.0

docs-2.0/README.md

@@ -1,9 +1,10 @@
 # Welcome to NebulaGraph {{ nebula.release }} Documentation
 
+<!--
 !!! caution
 
  Documents of version {{ nebula.release }} are only for NebulaGraph Community Edition {{ nebula.release }} and the corresponding tools. NebulaGraph Enterprise Edition {{ nebula.release }} is not released ([the release cycle for NebulaGraph Enterprise Edition is usually 6 months](20.appendix/6.eco-tool-version.md)). For details, see [Release notes](20.appendix/release-notes/nebula-comm-release-note.md).
-
+-->
 
 !!! note
 

docs-2.0/nebula-dashboard-ent/2.deploy-connect-dashboard-ent.md

@@ -365,7 +365,7 @@ sudo rpm -e <package_name>
  sudo systemctl {status|stop|start} {nbd-prometheus.service|nbd-alert-manager.service|nbd-stats-exporter.service|nbd-webserver.service}
  ```
 
-4. (Optional) To configure recipients of cluster alert notifications and to configure LDAP accounts, run `vim /usr/local/nebula-dashboard-ent/config/config.yaml` and add the following settings.
+4. (Optional) To configure the email addresses of the sender of LDAP and OAuth2.0 accounts and the duration for storing alert messages, run `vim /usr/local/nebula-dashboard-ent/config/config.yaml` and add the following settings.
 
  ```
  # Information of the sender's Email used to invite LDAP accounts.
@@ -378,14 +378,6 @@ sudo rpm -e <package_name>
  system:
  webAddress: http://127.0.0.1:7005 # The address to access Dashboard for the invitee who is invited by mail.
  messageStore: 90 # It sets the number of days to keep alert messages, the value of which is 90 by default. 
- # LDAP information
- ldap:
- server: ldap://127.0.0.1 # The LDAP server address.
- bindDN: cn=admin,dc=vesoft,dc=com # The LDAP login username.
- bindPassword: "" # The LDAP login password.
- baseDN: dc=vesoft,dc=com # Set the path to query user data.
- userFilter: "&(objectClass=*)" # Set a filter to LDAP search queries.
- emailKey: mail # Set the field name used to restore email in LDAP.
  ```
 
 ### View logs
@@ -424,10 +416,10 @@ After Dashboard is successfully started, you can enter `http://<ip_address>:7005
 
 If the following login interface is shown in the browser, then you have successfully deployed and started Dashboard.
 
-![dashboard-login-cn](https://docs-cdn.nebula-graph.com.cn/figures/login_2022-04-18_19-28-20_en.png)
+![dashboard-login-cn](https://docs-cdn.nebula-graph.com.cn/figures/login_20220909_en.png)
 
 !!! note
 
  When logging into the NebulaGraph Dashboard Enterprise Edition for the first time, the content of *END USER LICENSE AGREEMENT* is displayed on the login page. Please read it and then click **I Agree**. 
 
-You can log into Dashboard with the initialization account name `nebula` and password `nebula`, and then create LDAP and general accounts. You can log into Dashboard with the accounts that you have created then. For more information about the Dashboard account, see [Authority Management](../nebula-dashboard-ent/5.account-management.md).
+You can log into Dashboard with the initialization account name `nebula` and password `nebula`, and then create LDAP, OAuth2.0 or general accounts. You can log into Dashboard with the accounts that you have created then. For more information about the Dashboard account, see [Authority Management](../nebula-dashboard-ent/5.account-management.md).

docs-2.0/nebula-dashboard-ent/5.account-management.md

@@ -2,45 +2,25 @@
 
 You can log into NebulaGraph Dashboard Enterprise Edition with different types of accounts. Different accounts have different permissions. This article introduces account types, roles, and permissions.
 
+!!! note
+
+ You need configure the related protocols before using LDAP accounts or OAuth2.0 accounts. For details, see [Single sign-on](system-settings/single-sign-on.md).
+
 ## Account types
 
-Once you log into Dashboard Enterprise Edition using the initialized account name `nebula` and password `nebula`, you can create different types of accounts: LDAP accounts and general accounts. 
+Once you log into Dashboard Enterprise Edition using the initialized account name `nebula` and password `nebula`, you can create different types of accounts: LDAP accounts, OAuth2.0 accounts and general accounts.
 
 ### LDAP accounts
 
 Dashboard Enterprise Edition enables you to log into it with your enterprise account by accessing [LDAP (Lightweight Directory Access Protocol)](https://ldap.com/).
 
-Before using an LDAP account, LDAP configurations are required.
-
-1. In the Dashboard Enterprise Edition installation path, such as `nebula-graph-dashboard-ent/nebula-dashboard-ent/config`, find the configuration file `config.yaml`.
-2. In `config.yaml`, add the following content.
-
- ```
- ldap:
- server: ldap://127.0.0.1 
- bindDN: cn=admin,dc=vesoft,dc=com 
- bindPassword: "" 
- baseDN: dc=vesoft,dc=com 
- userFilter: "&(objectClass=*)" 
- emailKey: mail 
- ```
+### OAuth2.0 accounts
 
- | Parameter | Description |
- | ------------ | ---- |
- | server | The LDAP server address. |
- | bindDN | The LDAP login username. |
- | bindPassword | The LDAP login password. |
- | baseDN | Set the path to query user data. |
- | userFilter | Set a filter to LDAP search queries. |
- | emailKey | Set the field name used to restore email in LDAP. |
-
-3. Restart Dashboard Enterprise Edition to apply changes. 
-
-After the LDAP is configured successfully, and use the initialized account name `nebula` and password `nebula` to log into Dashboard Enterprise Edition, you can create an LDAP account then. For information about how to create an account, see [Create accounts](#create_accounts).
+Dashboard Enterprise Edition enables you to use access_token to authorize the third-party applications to access the protected information based on [OAuth2.0](https://oauth.net/2/).
 
 ### General accounts
 
-All accounts are general accounts except for LDAP accounts.
+Dashboard Enterprise Edition enables you to create local account.
 
 ## Account roles
 
@@ -72,21 +52,17 @@ Accounts with `admin` roles can create other accounts. The steps are as follows:
 1. At the top navigation bar of the Dashboard Enterprise Edition page, click **Authority**, and click **Create**.
 2. Select one method and input information to create an account, and click **OK**.
 
- - Invite: Set the invitee's enterprise email and role. After the invitee clicks the **Accept** button in the email to activate the account, the invitee needs to click **Login** to automatically jump to the Dashboard Enterprise Edition login page. The invitee can log into Dashboard with his/her enterprise email account and password.
-
- !!! note
-
- When selecting the **Invite** method to add accounts, ensure that the invitee's email has been added to the enterprise LDAP server.
+ - Invite (LDAP or OAuth2.0 accounts): Set the invitee's account type, enterprise email and role. After the invitee clicks the **Accept** button in the email to activate the account, the invitee needs to click **Login** to automatically jump to the Dashboard Enterprise Edition login page. The invitee can log into Dashboard with his/her enterprise email account and password.
 
- - Create Account: Set the login name, password, and role for the new account. For information about roles, [Account roles](#account_roles).
+ - Create Account (general accounts): Set the login name, password, and role for the new account. For information about roles, see the above content.
 
 ## View accounts
 
 The created accounts are displayed on the **Authority** page.
 
 - You can view the username, account type, role, associated cluster, and create time of accounts.
 
- - **Account Type**: Includes **platform** and **ldap**. **platform** is a general account and **ldap** is an LDAP account.
+ - **Account Type**: Includes **ldap**, **oauth2.0** and **platform**. **platform** is a general account.
  - **Role**: Displays the role of an account, including **admin** and **user**. For more information about roles, see the above content.
  - **Associated Clusters**: Displays all the clusters that can be operated by an account. If the cluster was created by the account, the associated cluster has the `owner` tag.
 

docs-2.0/nebula-dashboard-ent/system-settings/single-sign-on.md

@@ -1,3 +1,45 @@
 # Single sign-on
 
-TODO
+NebulaGraph Dashboard Enterprise Edition supports general accounts, LDAP accounts, and OAuth2.0 accounts. This article introduces how to configure the protocols of LDAP and OAuth2.0.
+
+!!! note
+
+ - After the configuration is complete, you can create the account and activate the invitation. For details，see [Authority management](../5.account-management.md).
+ - You can quickly switch on or off LDAP or OAuth2.0 login using the switch in the left navigation bar.
+
+## LDAP configuration
+
+### Entry
+
+1. At the top navigation bar of the Dashboard Enterprise Edition page, click **System Settings**.
+2. On the left-side navigation bar of the page, click **Single Sign-on**->**LDAP**.
+
+### Configuration description
+
+|Parameter|Example|Description|
+|:--|:--|:--|
+|`LDAP Server Address` | `ldap://192.168.10.100` | The LDAP server address. | 
+|`Bind DN` | `cn=admin,dc=vesoft,dc=com`| The LDAP login username. |
+|`Password` |`123456` | The LDAP login password. |
+|`Base DN` | `dc=vesoft,dc=com`| Set the path to query user data. |
+|`User Filter` | `&(objectClass=*)` | Set a filter to LDAP search queries. |
+|`Email Key` | `mail`| Set the field name used to restore email in LDAP. |
+
+## OAuth2.0 configuration
+
+### Entry
+
+1. At the top navigation bar of the Dashboard Enterprise Edition page, click **System Settings**.
+2. On the left-side navigation bar of the page, click **Single Sign-on**->**OAuth2.0**.
+
+### Configuration description
+
+|Parameter|Example|Description|
+|:--|:--|:--|
+|`ClientID` | `4953xxx-mmnoge13xx.apps.googleusercontent.com`| The application's ClientId。 |
+|`ClientSecret` | `GOCxxx-xaytomFexxx` | The application's ClientSecret。 |
+|`RedirectURL` | `http://dashboard.vesoft-inc.com/login` |The URL that redirect to Dashboard. |
+|`AuthURL` | `https://accounts.google.com/o/oauth2/auth` | The URL used for authentication. |
+|`TokenURL` | `https://oauth2.googleapis.com/token`| The URL used to get the access_token. |
+|`UserInfoURL` | `https://www.googleapis.com/oauth2/v1/userinfo`| The URL used to get the user information. |
+|`Name` | `vesoft`| The name of Oauth. |