diff --git a/content/hcp-docs/content/docs/hcp/iam/sso/index.mdx b/content/hcp-docs/content/docs/hcp/iam/sso/index.mdx index 8b2735dbbd..d19f80979c 100644 --- a/content/hcp-docs/content/docs/hcp/iam/sso/index.mdx +++ b/content/hcp-docs/content/docs/hcp/iam/sso/index.mdx @@ -58,7 +58,7 @@ The process to enable SSO for an HCP organization consists of the following step 1. Add information from your identity provider to HCP. 1. [Assign a default role](/hcp/docs/hcp/iam/sso/default-role) to users. -After you enable SSO, you can manage, update, and delete your SSO from HCP. For more information, refer to [manage SSO for your organization](/hcp/docs/hcp/iam/sso/manage). +After you enable SSO, you can manage, update, disable, and delete your SSO from HCP. For more information, refer to [manage SSO for your organization](/hcp/docs/hcp/iam/sso/manage). ## SSO integration with HCP Terraform diff --git a/content/hcp-docs/content/docs/hcp/iam/sso/manage.mdx b/content/hcp-docs/content/docs/hcp/iam/sso/manage.mdx index 6927f43351..cbba24b063 100644 --- a/content/hcp-docs/content/docs/hcp/iam/sso/manage.mdx +++ b/content/hcp-docs/content/docs/hcp/iam/sso/manage.mdx @@ -6,7 +6,7 @@ description: |- # Manage SSO for your HCP organization -This page describes the processes to manage SSO configurations for an HCP organization, including how to update and delete an existing SSO configuration. +This page describes the processes to manage SSO configurations for an HCP organization, including how to update, disable, and delete an existing SSO configuration. ## Manage an HCP Organization with SSO enabled 
@@ -29,13 +29,15 @@ It is important to delete SSO accounts for users that were removed from your ide The administrator who owns the organization and enabled SSO can still use their original, non-SSO account to sign in to the HCP web portal and access the SSO-enabled organization. If they previously signed in through GitHub, they can continue to access the organization through GitHub as well. -## Update SSO +## Update SSO configuration Organization owners and admins can edit an SSO configuration. To edit SSO: -1. Click **Settings** and then click **SSO**. You will be redirected to the **Single Sign-On** page. +1. [Log in to HCP](https://portal.cloud.hashicorp.com/) and go to your organization. +1. From your organization, click **Organization settings**. +1. Click **SSO**. 1. Open the **Manage** menu and select **Edit**. Users can modify the list of domains, the public signing certificate, endpoints, and the default organization role. Users can add and remove domains, but domains cannot be empty. 
@@ -43,7 +45,23 @@ Users can add and remove domains, but domains cannot be empty. - Adding a new domain will allow users with an email address matching the domain to sign up as new SSO users. SSO users using email addresses for the other domains will not be affected. You must also provision new domains on your identity provider and configure them for the Auth0-SSO-Connection. - Removing an existing domain will affect SSO users whose email addresses match the removed domain. They can sign in through other methods but will become different users in the database. Organization administrators can remove inactive users from the organization. -## Delete SSO +## Disable SSO connection + +You can temporarily suspend your existing SSO connection without deleting existing configurations. This approach is useful for operations such as troubleshooting, identity provider outages, and policy changes. When you suspend SSO, [user invitations](/hcp/docs/hcp/iam/users) automatically activate. That means existing users can invite other users to your HCP organization according to your current [access management settings](/hcp/docs/hcp/iam/access-management). + +To disable your SSO connection: + +1. [Log in to HCP](https://portal.cloud.hashicorp.com/) and go to your organization. +1. From your organization, click **Organization settings**. +1. Click **SSO**. +1. Next to your `Enabled` SSO connection, click **...**. Then click **Disable connection**. +1. Review the warning that appears. Then click **Disable**. + +HCP returns you to the **Single sign-on details** page. Your connection's status should appear as `Disabled`. + +When you are ready to re-enable your connection, click **...** and **Enable connection**. + +## Delete SSO connection Organization owners and admins can delete an SSO configuration from their organization. 
@@ -55,7 +73,11 @@ When you delete an SSO configuration, no SSO user can sign in to HCP. Current SS To delete SSO from an organization: -1. Select **Delete SSO Configuration** in the **Manage** menu. A dialog appears for you to confirm the deletion of SSO from this organization. +1. [Log in to HCP](https://portal.cloud.hashicorp.com/) and go to your organization. +1. From your organization, click **Organization settings**. +1. Click **SSO**. +1. Next to the SSO connection you want to delete, click **...**. Then click **Delete connection**. +1. A dialog appears for you to confirm the deletion of SSO from this organization. 1. Type **DELETE** and then click **Delete**. After deletion, organization owners and admins can [re-invite users](/hcp/docs/hcp/iam/users#invite-users) with the default Access Controls (IAM) system. \ No newline at end of file
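Review bot: In manage.mdx, hunk `@@ -29,13 +29,15 @@`, the rewritten update procedure still ends with "Open the **Manage** menu and select **Edit**", while the disable and delete procedures added in the same file use the **...** menu next to the connection. Confirm which control the current **SSO** page shows and use the same one in all three procedures. The heading also changes from "## Update SSO" to "## Update SSO configuration" (and "## Delete SSO" becomes "## Delete SSO connection" in the next hunk). These docs link to heading anchors elsewhere, for example `/hcp/docs/hcp/iam/users#invite-users`, so check for inbound links to the old heading anchors before merging.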
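Review bot: In manage.mdx, hunk `@@ -43,7 +45,23 @@`, the new "Disable SSO connection" section does not say who is allowed to disable the connection or what happens to SSO users' sign-in while it is disabled. The update and delete sections open with "Organization owners and admins can ...", and the delete section states "no SSO user can sign in to HCP"; add the equivalent statements here. The section says user invitations "automatically activate" when SSO is suspended, which widens how accounts can join the organization, so also state whether invitations are turned off again when the connection is re-enabled and point readers to review their access management settings before disabling. The text alternates between "suspend" and "disable"; use "disable" throughout to match the **Disable connection** label. The re-enable sentence should say where the **...** menu is, as step 4 does.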
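Review bot: In manage.mdx, hunk `@@ -55,7 +73,11 @@`, the new step 5 "A dialog appears for you to confirm the deletion of SSO from this organization." describes a result rather than an action. Fold it into step 4 or into "Type **DELETE** and then click **Delete**." so that every numbered step is something the reader does. The context line still says "When you delete an SSO configuration" while the new heading and step 4 say "SSO connection"; pick one term for the section. The file also still ends with no trailing newline.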