RHIDP-3794 - update Authentication book introduction (#460) (#535)

themr0c · hmanwani-rh · Gerry-Forde · web-flow · commit ddcc25409bb3 · 2024-09-25T16:47:04.000+02:00
Co-authored-by: Heena Manwani &lt;59050394+hmanwani-rh@users.noreply.github.com&gt;
Co-authored-by: Gerry-Forde &lt;63045020+Gerry-Forde@users.noreply.github.com&gt;
Co-authored-by: Nick Boldt &lt;nboldt@redhat.com&gt;
diff --git a/assemblies/assembly-enabling-authentication.adoc b/assemblies/assembly-enabling-authentication.adoc
@@ -1,38 +1,53 @@
 [id='enabling-authentication']
 = Enabling authentication in {product}
 
-Authentication within {product} facilitates user sign-in, identification, and access to external resources.
-It supports multiple authentication providers.
+Depending on your organization's security policies, you might require to identify and authorize users before giving them access to resources, such as {product}.
 
-Authentication providers are typically used in the following ways:
+In {product-short}, authentication and authorization are two separate processes:
 
-- One provider for sign-in and identification.
-- Additional providers for accessing external resources.
+. Authentication defines the user identity, and passes on this information to {product-short}.
+Read the following chapters to configure authentication in {product-short}.
 
-The {product} supports the following authentication providers:
+. Authorization defines what the authenticated identity can access or do in {product-short}.
+See link:{authorization-book-url}[{authorization-book-title}].
 
-//Auth0:: `auth0`
-//Atlassian:: `atlassian`
-Microsoft Azure::
-`microsoft`
-//Microsoft Azure Easy Auth:: `azure-easyauth`
-//Bitbucket:: `bitbucket`
-//Bitbucket Server:: `bitbucketServer`
-//Cloudflare Access:: `cfaccess`
-GitHub:: `github`
-//GitLab:: `gitlab`
-//Google:: `google`
-//Google IAP:: `gcp-iap`
-Keycloak:: `oidc`
-//Okta:: `okta`
-//OAuth 2 Custom Proxy:: `oauth2Proxy`
-//OneLogin:: `onelogin`
-//SAML:: `saml`
+[TIP]
+.Not recommended for production
+====
+To explore {product-short} features, you can enable the guest user to skip configuring authentication and authorization, log in as the guest user, and access all the features.
+====
 
-For each provider that you want to use, follow the dedicated procedure to complete the following tasks:
+The authentication system in {product-short} is handled by external authentication providers.
+
+{product-short} supports following authentication providers:
+
+* Red Hat Single-Sign On (RHSSO)
+* GitHub
+* Microsoft Azure
+
+To identify users in {product-short}, configure:
+
+* One (and only one) authentication provider for sign-in and identification.
+* Optionally, additional authentication providers for identification, to add more information to the user identity, or enable access to additional external resources.
+
+For each authentication provider, set up the shared secret that the authentication provider and {product-short} require to communicate, first in the authentication provider, then in {product-short}.
+
+{product-short} stores user identity information in the {product-short} software catalog.
+
+[TIP]
+.Not recommended for production
+====
+To explore the authentication system and use {product-short} without authorization policies, you can bypass the {product-short} software catalog and start using {product-short} without provisioning the {product-short} software catalog.
+====
+
+To get, store, and update additional user information, such as group or team ownership, with the intention to use this data to define authorization policies, provision users and groups in the {product-short} software catalog.
+
+[IMPORTANT]
+====
+{product-short} uses a one-way synchronization system to provision users and groups from your authentication system to the {product-short} software catalog.
+Therefore, deleting users and groups by using {product-short} Web UI or REST API might have unintended consequences.
+====
 
-. Set up the shared secret that the authentication provider and {product} require to communicate.
-. Configure {product} to use the authentication provider.
 
 
 include::assembly-authenticationg-with-the-guest-user.adoc[leveloffset=+1]
@@ -46,6 +61,3 @@ include::assembly-auth-provider-github.adoc[leveloffset=+1]
 
 include::assembly-auth-provider-oidc.adoc[leveloffset=+1]
 
-
-//include::modules/auth/proc-adding-gitlab-oauth-as-an-authentication-provider.adoc[leveloffset=+1]
-
