Skip to content

docs: access check config docs rework#1477

Merged
edibotopic merged 3 commits intomainfrom
docs-access-check-config-docs-rework
Apr 21, 2026
Merged

docs: access check config docs rework#1477
edibotopic merged 3 commits intomainfrom
docs-access-check-config-docs-rework

Conversation

@edibotopic
Copy link
Copy Markdown
Contributor

@edibotopic edibotopic commented Apr 20, 2026
edited
Loading

Updates section in configuration guide to reflect recent naming and description changes for config option force_access_check_with_provider.

  • Use terms from the config option, like "check", "access" and "force",
    to map more clearly between the wording of the config option and the
    text in this section
  • Explicitly mention what is being checked from a user perspective, i.e., whether
    they have permission to access the system according to the IdP
  • Add a brief explanation of how the check works
  • Link to section on this check in the Security Overview

Closes #1340

UDENG-9749

@edibotopic
Copy link
Copy Markdown
Contributor Author

edibotopic commented Apr 20, 2026

Linkcheck failure will be fixed by #1478

@edibotopic edibotopic marked this pull request as ready for review April 20, 2026 10:41
@edibotopic
add brief explanation of check
235afdb
@edibotopic
clarify wording on access check config option
b8a1b54 
* Use terms from the config option, like "check", "access" and "force",
to map more clearly between the wording of the config option and the
text in this section
* Explicitly mention what is being checked from a user perspective (do
they have permission to access, according to the IdP)
@edibotopic
link to relevant section in security overview
a08ba08 
this section provides further context for why an admin might enable this
check, from a security perspective.
@edibotopic edibotopic force-pushed the docs-access-check-config-docs-rework branch from 3d4205c to a08ba08 Compare April 20, 2026 12:06
@nooreldeenmansour
Copy link
Copy Markdown
Member

nooreldeenmansour commented Apr 21, 2026

This PR will be closing #1340 ? If so, please link it, so we don't forget about it

Also, since we are now improving the docs around this property, shall we consider this issue too? #933

@edibotopic
Copy link
Copy Markdown
Contributor Author

edibotopic commented Apr 21, 2026

This PR will be closing #1340 ? If so, please link it, so we don't forget about it

Also, since we are now improving the docs around this property, shall we consider this issue too? #933

Thanks @nooreldeenmansour --- I've linked to #1340 now.

We should also look at #933 separately, yes, but it will require further discussion and might need to wait until we're back from Madrid.

@edibotopic edibotopic merged commit d708f32 into main Apr 21, 2026
6 checks passed
@edibotopic edibotopic deleted the docs-access-check-config-docs-rework branch April 21, 2026 09:37
adombeck
adombeck reviewed Apr 22, 2026
View reviewed changes
Comment thread docs/howto/configure-authd.md
## Force remote authentication with the identity provider
## Force remote access check with the identity provider

By default, remote authentication with the identity provider only happens if
Copy link
Copy Markdown
Contributor

@adombeck adombeck Apr 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we also use the new (and better) terminology here?

Suggested change
By default, remote authentication with the identity provider only happens if
By default, a remote access check with the identity provider only happens if

Copy link
Copy Markdown
Member

@nooreldeenmansour nooreldeenmansour Apr 22, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, I can add this to #1467

Copy link
Copy Markdown
Contributor

@adombeck adombeck Apr 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#1467 is completely unrelated, let's do it in a separate PR please. I'd like @edibotopic's opinion on the change first though.

Copy link
Copy Markdown
Contributor Author

@edibotopic edibotopic Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could make this change. I left it because I didn't think it was necessarily incorrect, just not optimal for use as the config option's name and in the accompanying description.

On reflection though, it is always safer to be consistent. @nooreldeenmansour --- if you want to make the change I can approve.

In future, I think that it could be useful in the docs to have some kind of standalone explanation page that gives a technical overview of what happens during login and the different scenarios involved, because currently the explanations are inter-mingled with the configuration guide. It's good to have a sprinkling of context in there, but some topics might deserve a dedicated treatment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adombeck adombeck adombeck left review comments

@nooreldeenmansour nooreldeenmansour nooreldeenmansour approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improve docs on force_provider_authentication

3 participants

@edibotopic @nooreldeenmansour @adombeck