docs(nx-cloud): managed version saml auth (#19078)

docs/generated/manifests/cloud.json

@@ -308,6 +308,16 @@
         "path": "/nx-cloud/private-cloud/auth-saml",
         "tags": []
       },
+      {
+        "id": "auth-saml-managed",
+        "name": "Authenticate via SAML on Managed Version",
+        "description": "",
+        "file": "nx-cloud/private/auth-saml-managed",
+        "itemList": [],
+        "isExternal": false,
+        "path": "/nx-cloud/private-cloud/auth-saml-managed",
+        "tags": []
+      },
       {
         "id": "advanced-config",
         "name": "Advanced Configuration",
@@ -393,6 +403,16 @@
     "path": "/nx-cloud/private-cloud/auth-saml",
     "tags": []
   },
+  "/nx-cloud/private-cloud/auth-saml-managed": {
+    "id": "auth-saml-managed",
+    "name": "Authenticate via SAML on Managed Version",
+    "description": "",
+    "file": "nx-cloud/private/auth-saml-managed",
+    "itemList": [],
+    "isExternal": false,
+    "path": "/nx-cloud/private-cloud/auth-saml-managed",
+    "tags": []
+  },
   "/nx-cloud/private-cloud/advanced-config": {
     "id": "advanced-config",
     "name": "Advanced Configuration",

docs/generated/manifests/menus.json

@@ -5829,6 +5829,14 @@
             "children": [],
             "disableCollapsible": false
           },
+          {
+            "name": "Authenticate via SAML on Managed Version",
+            "path": "/nx-cloud/private-cloud/auth-saml-managed",
+            "id": "auth-saml-managed",
+            "isExternal": false,
+            "children": [],
+            "disableCollapsible": false
+          },
           {
             "name": "Advanced Configuration",
             "path": "/nx-cloud/private-cloud/advanced-config",
@@ -5896,6 +5904,14 @@
         "children": [],
         "disableCollapsible": false
       },
+      {
+        "name": "Authenticate via SAML on Managed Version",
+        "path": "/nx-cloud/private-cloud/auth-saml-managed",
+        "id": "auth-saml-managed",
+        "isExternal": false,
+        "children": [],
+        "disableCollapsible": false
+      },
       {
         "name": "Advanced Configuration",
         "path": "/nx-cloud/private-cloud/advanced-config",

docs/map.json

@@ -1781,6 +1781,11 @@
               "id": "auth-saml",
               "file": "nx-cloud/private/auth-saml"
             },
+            {
+              "name": "Authenticate via SAML on Managed Version",
+              "id": "auth-saml-managed",
+              "file": "nx-cloud/private/auth-saml-managed"
+            },
             {
               "name": "Advanced Configuration",
               "id": "advanced-config",

docs/nx-cloud/private/auth-saml-managed.md

@@ -0,0 +1,61 @@
+# SAML Auth
+
+## Okta Set-up
+
+You'll need the `SAML-IDENTIFIER` from us, unique to your org. We'll provide this once we start setting SAML up for you.
+You'll be entering it in the instructions below.
+
+1. Create a new Okta App Integration:
+
+   ![Okta 1](/nx-cloud/private/images/saml/okta_1.png)
+
+   ![Okta 2](/nx-cloud/private/images/saml/okta_2.png)
+
+2. Give it a name:
+
+   ![Okta 3](/nx-cloud/private/images/saml/okta_3.png)
+
+3. On the Next page, configure it as below:
+
+   1. The Single Sign On URL needs to be: 2. If using the main-US cluster: `https://auth.nx.app/login/callback?connection=SAML-IDENTIFIER` 3. If using the EU cluster: `https://auth.eu.nx.app/login/callback?connection=SAML-IDENTIFIER`
+   2. The Audience should be `urn:auth0:nrwl:SAML-IDENTIFIER`
+
+   ![Okta 4](/nx-cloud/private/images/saml/okta_4_public.png)
+
+4. Scroll down to attribute statements and configure them as per below:
+
+   ![Okta 5](/nx-cloud/private/images/saml/okta_5.png)
+
+5. Click “Next”, and select the first option on the next screen.
+6. Go to the assignments tab and assign the users that can login to the NxCloud WebApp:
+
+   1. **Note:** This just gives them permission to use the NxCloud web app with their own workspace. Users will still need to be invited manually through the web app to your main workspace.
+
+   ![Okta 6](/nx-cloud/private/images/saml/okta_6.png)
+
+7. Then in the Sign-On tab scroll down:
+
+   ![Okta 7](/nx-cloud/private/images/saml/okta_7.png)
+
+8. Scroll down and from the list of certificates, download the one with the “Active” status:
+
+   ![Okta 8](/nx-cloud/private/images/saml/okta_8.png)
+
+9. Then view the ldP metadata:
+
+   ![Okta 9](/nx-cloud/private/images/saml/okta_9.png)
+
+10. Then find the row similar to the below, and copy the highlighted URL (see screenshot as well):
+
+    1. ```html
+       <md:SingleSignOnService
+         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+         Location="https://trial-xxxxx.okta.com/app/trial-xxxxx_nxcloudtest_1/xxxxxxxxx/sso/saml"
+       />
+       ```
+
+    ![Okta 10](/nx-cloud/private/images/saml/okta_10.png)
+
+11. Send us via email:
+    - your _public_ certificate downloaded in step 8
+    - your URL from step 10

docs/nx-cloud/private/get-started.md

@@ -63,4 +63,5 @@ We do offer, however, a multi-node Kubernetes setup, that is deployed via Helm.
 - [GitLab Auth](/nx-cloud/private-cloud/auth-gitlab)
 - [BitBucket Auth](/nx-cloud/private-cloud/auth-bitbucket)
 - [SAML Auth](/nx-cloud/private-cloud/auth-saml)
+- [SAML Auth Managed Cloud](/nx-cloud/private-cloud/auth-saml-managed)
 - [Advanced Configuration](/nx-cloud/private-cloud/advanced-config)

docs/shared/reference/sitemap.md

@@ -295,6 +295,7 @@
     - [Authenticate with GitLab](/nx-cloud/private-cloud/auth-gitlab)
     - [Authenticate with BitBucket](/nx-cloud/private-cloud/auth-bitbucket)
     - [Authenticate via SAML](/nx-cloud/private-cloud/auth-saml)
+    - [Authenticate via SAML on Managed Version](/nx-cloud/private-cloud/auth-saml-managed)
     - [Advanced Configuration](/nx-cloud/private-cloud/advanced-config)
   - [Reference](/nx-cloud/reference)
     - [Configuration Options](/nx-cloud/reference/config)