add sso page (#649)

Author: alex-cit

src/.vitepress/sidebar/en.js

@@ -27,6 +27,7 @@ export default {
       collapsed: true,
       items: [
         { text: 'User Account', link: '/manage/account/' },
+        { text: 'Single Sign-On (SSO)', link: '/manage/sso/' },
         { text: 'Workspaces', link: '/manage/workspaces/' },
         { text: 'Subscriptions and Invoicing', link: '/manage/subscriptions/' },
         { text: 'Member Roles and Permissions', link: '/manage/permissions/' },

src/index.md

@@ -39,6 +39,7 @@ The ecosystem consist of various components:
 
 ## Manage Account & Project
 - [User Account](./manage/account/)
+- [Single Sign-On (SSO)](./manage/sso/)
 - [Workspaces](./manage/workspaces/)
 - [Subscriptions and Invoicing](./manage/subscriptions/)
 - [Member Roles and Permissions](./manage/permissions/)

src/manage/dashboard/index.md

@@ -100,13 +100,16 @@ For details about different subscription plans visit our <MainDomainNameLink id=
 :::
 
 ## Settings
-In the **Settings** tab, you will find information about the current workspace.
+In the **Settings** tab, you will find information about the current workspace. 
+
+Here, [admins and owners](../permissions/#workspace-member-roles-and-project-permissions) of a workspace can set up or manage [Single sign-on (SSO)](../sso/).
+
+[Owners](../permissions/#workspace-member-roles-and-project-permissions) of a workspace can also:
 - use **Edit Workspace** to add or change the description of the workspace
 - use **Close Workspace** to [delete the workspace](../workspaces/#how-to-delete-a-workspace)
 
 ![Mergin dashboard web workspace settings](./mergin-maps-dashboard-settings.jpg "Mergin Maps dashboard workspace settings")
 
-
 ## User profile
 **Your profile** can be accessed by clicking on the user name in the upper right corner.
 

src/manage/permissions/index.md

@@ -49,6 +49,7 @@ This is the overview of workspace member roles that are related to the whole wor
 |delete and transfer projects| :no_entry_sign: | :no_entry_sign:  | :no_entry_sign:  | :white_check_mark: | :white_check_mark: |
 |manage access to projects| :no_entry_sign: | :no_entry_sign: | :no_entry_sign:  | :white_check_mark: | :white_check_mark: |
 |manage workspace members| :no_entry_sign: | :no_entry_sign: | :no_entry_sign: | :white_check_mark: | :white_check_mark: |
+|set up and manage [SSO](../sso/)| :no_entry_sign: | :no_entry_sign: | :no_entry_sign: | :white_check_mark: | :white_check_mark: |
 |delete the workspace and change its description| :no_entry_sign: | :no_entry_sign: | :no_entry_sign: | :no_entry_sign: | :white_check_mark: |
 |access to invoicing and subscription settings| :no_entry_sign: | :no_entry_sign: | :no_entry_sign: | :no_entry_sign: | :white_check_mark: |
 

src/setup/sign-up-to-mergin-maps/dashboard-workspace-settings-sso.jpg renamed to src/manage/sso/dashboard-workspace-settings-sso.jpg

@@ -0,0 +1,32 @@
+# Single Sign-On (SSO)
+[[toc]]
+
+Single sign-on (SSO) is an authentication method that allows you to sign in to <MainPlatformName /> using the same credentials as you use in your organisation. SSO is available on the <DashboardNameShort />, the <MobileAppNameShort /> and the <QGISPluginNameShort />.
+
+This means you don't have to create a new <MainPlatformName /> account with a specific password: you can simply use your work email. The identity provider (e.g. Microsoft Entra ID or Auth0) used by your organisation will check your credential and redirect you back to <MainPlatformName />.
+
+<MainPlatformName /> account will be created automatically after the first sign in via SSO.
+
+When a user signs in to <MainPlatformName /> using SSO, they will stay signed in for a time period before they are asked to enter their credentials again. By default, this period is set to 14 days. If you use <EnterprisePlatformNameLink />, you can set it to a different value.
+
+::: warning Removing workspace users
+If you remove a user from your Identity provider (you remove their account in your organisation), they will still be able to log into the <MainPlatformName /> workspace for 14 days. 
+
+To cancel their access to the workspace immediately, you have to remove them manually through the [Members tab](../dashboard/#members) on the <DashboardShortLink />.
+:::
+
+### Connection setup
+If you are the admin or owner of a workspace and you want to set up SSO, please contact our <MainDomainNameLink id="contact-sales" desc="sales team"/>.
+
+You will receive a link with a step-by-step guide for your identity provider. Currently, we support **SAML** and **OIDC** SSO protocols. Directory sync is not supported.
+
+::: tip SSO for self-hosted servers <ServerType type="EE" />
+If you want to use SSO on your <EnterprisePlatformNameLink /> server, you can do so from the admin panel. See [Single Sign-On Deployment](../../server/sso-deployment/) for more details.
+
+SSO is not available for <CommunityPlatformName />.
+:::
+
+Once SSO is configured for your workspace, you will see the relevant information in the <DashboardLink id="settings" desc="workspace settings page"/>, under the *advanced* section. If you need to make any changes to your SSO connection, please <MerginMapsEmail id="support" desc="contact our support team"/>.
+
+![Mergin Maps workspace settings with enabled SSO](./dashboard-workspace-settings-sso.jpg "Mergin Maps workspace settings with enabled SSO")
+

src/manage/sso/index.md

@@ -6,7 +6,7 @@ outline: deep
 
 To make full use of <MainPlatformName />, you need to sign up. You can sign up using:
 - [Email and password](#email-and-password-sign-up)
-- [Single sign-on (SSO)](#single-sign-on-sso)
+- [Single sign-on (SSO)](#single-sign-on)
 
 ::: tip Manage your account
 Do you want to delete your account or change your details? Go to [**User Account**](../../manage/account/) for detailed steps.
@@ -107,30 +107,14 @@ You can get up-to-speed quickly by following our [Quick Start tutorials](../../t
    See our <MainDomainNameLink id="pricing" desc="pricing page"/> for more details.
    :::
 
-## Single sign-on (SSO)
-Single sign-on (SSO) is an authentication method that allows you to sign in to <MainPlatformName /> using the same credentials as you use in your organisation. 
+## Single sign-on
 
-This means you don't have to create a new <MainPlatformName /> account with a specific password: you can simply use your work email. The identity provider (e.g. Microsoft Entra ID or Auth0) used by your organisation will check your credential and redirect you back to <MainPlatformName />.
+If your organisation set up [SSO](../../manage/sso/) for <MainPlatformName />, you can sign in using the same credentials as you use in your organisation.
 
-<MainPlatformName /> account will be created automatically after the first sign in via SSO.
-
-SSO is available on the <DashboardNameShort />, the <MobileAppNameShort /> and the <QGISPluginNameShort />.
-
-### Connection setup
-If you are the admin or owner of a workspace and you want to set up SSO, please contact our <MainDomainNameLink id="contact-sales" desc="sales team"/>.
-
-You will receive a link with step-by-step guide for your identity provider. Currently, we support **SAML** and **OIDC** SSO protocols. Directory sync is not supported.
-
-::: tip SSO for self-hosted servers <ServerType type="EE" />
-If you want to use SSO on your <EnterprisePlatformNameLink /> server, you can do so from the admin panel. See [Single Sign-On Deployment](../../server/sso-deployment/) for more details.
-
-SSO is not available for <CommunityPlatformName />.
+::: tip
+You can find out more about this topic in [Single Sign-On (SSO)](../../manage/sso/).
 :::
 
-Once SSO is configured for your workspace, you will see the relevant information in the <DashboardLink id="settings" desc="workspace settings page"/>, under the *advanced* section. If you need to make any changes to your SSO connection, please <MerginMapsEmail id="support" desc="contact our support team"/>.
-
-![Mergin Maps workspace settings with enabled SSO](./dashboard-workspace-settings-sso.jpg "Mergin Maps workspace settings with enabled SSO")
-
 ### From dashboard
 To sign in or sign up to <MainPlatformName /> using SSO on the <DashboardShortLink />:
 1. Navigate to <AppDomainNameLink />