BP-2335: Integrated Windows Authentication for SharpHound Enterprise

[jeff-matthews]

Purpose

This pull request (PR) adds new documentation and updates existing documentation explaining Integrated Windows Authentication for SharpHound Enterprise collector clients.

See BP-2335 for details.

Note

Per internal policy for non-user editable feature-flagged functionality, we will not publish this content until the feature is more widely available (user editable or true by default).

Staging

• System requirements
• Local config
• ADFS config
• Create collector client

Summary by CodeRabbit

• Documentation
  • Added comprehensive ADFS/IWA authentication configuration guide for SharpHound Enterprise.
  • Expanded collector client creation documentation with detailed setup procedures.
  • Restructured on-demand scan workflow with distinct configuration and execution steps.
  • Added reusable scan options reference component.
  • Updated glossary to distinguish between collector client and collector application.
  • Reorganized enterprise collection documentation structure and navigation.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch BP-2335-sharphound-wia

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 9

🤖 Fix all issues with AI agents

In `@docs/collect-data/enterprise-collection/create-collector.mdx`:
- Line 173: The sentence "BloodHound Enterprise displays collector clients in
table on the **Manage Clients** page with a **Status** of **Unconfigured**." is
missing the article "a"; update the text in create-collector.mdx (the sentence
containing "displays collector clients in table on the **Manage Clients** page")
to read "displays collector clients in a table on the **Manage Clients**
page..." so the grammar is correct.

In `@docs/collect-data/enterprise-collection/on-demand-scan.mdx`:
- Around line 43-47: Update the wording under the Step titled "Configure the
scan": replace the phrase "that the schedule collects" with wording appropriate
to on‑demand context such as "that the scan collects" or "that the on‑demand
scan collects" so the bullet reads e.g. "- **Data**: The [type of
data](/collect-data/permissions) that the scan collects"; update only the phrase
inside that bullet in the "Configure the scan" step.

In `@docs/docs.json`:
- Around line 1131-1134: Update the JSON redirect object so the "source" string
includes a leading slash; specifically change the "source" value
"install-data-collector/install-sharphound/tenant-configuration" to
"/install-data-collector/install-sharphound/tenant-configuration" (leave the
"destination" unchanged) so the redirect source is consistent with the other
entries.

In `@docs/install-data-collector/install-sharphound/configure-adfs-iwa.mdx`:
- Line 86: The example URL in the Identifier field is malformed — replace the
path-style example string `https://your-tenant/bloodhoundenterprise.io` with the
correct subdomain format `https://your-tenant.bloodhoundenterprise.io` in the
configure-adfs-iwa.mdx content (look for the Identifier field and the example
URL literal) and scan the document for any other occurrences of the old pattern
to update them to the subdomain format.
- Line 206: The documentation contains an incorrect log path string
`%APPDATA%\Roaming\BloodHoundEnterprise` which duplicates the "Roaming" folder;
update the string in configure-adfs-iwa.mdx (the line containing
`%APPDATA%\Roaming\BloodHoundEnterprise`) to `%APPDATA%\BloodHoundEnterprise`
(or use the fully expanded example
`C:\Users\<user>\AppData\Roaming\BloodHoundEnterprise`) so the path resolves
correctly.

In `@docs/install-data-collector/install-sharphound/local-configuration.mdx`:
- Around line 60-68: The JSON example for IWA contains a trailing comma after
the last property which makes it invalid; edit the JSON block and remove the
trailing comma after "UseIntegratedWindowsAuthForADFS": true so the object
closes correctly, leaving the properties "ProviderWellKnown", "ClientId",
"Resource", and "UseIntegratedWindowsAuthForADFS" intact.
- Line 82: The TempDirectory description is incorrect: it redundantly appends
"\Roaming\" to "%APPDATA%" and uses an inconsistent product folder name. Update
the TempDirectory default value and text so it uses "%APPDATA%" (which already
points to the Roaming folder) and the same product folder name used elsewhere
("BloodHoundEnterprise" without a space); e.g., change references in the
TempDirectory description and example default to
"%APPDATA%\\BloodHoundEnterprise\\" and ensure backslashes remain double-escaped
for JSON formatting; modify the TempDirectory entry in the document accordingly.

In `@docs/snippets/hounds/scan-options.mdx`:
- Line 4: The phrasing in the table row starting with "| Domain controller |" is
schedule-specific ("on this schedule") but this snippet is reused for on-demand
scans; update the sentence to neutral wording such as "will define the default
value utilized by the scan" (or "for scans") so it reads correctly in both
scheduled and on-demand contexts, keeping the rest of the text intact and still
referring to the client configuration fallback and recommendation not to
configure a Domain Controller manually.

In `@docs/snippets/hounds/system_reqs.mdx`:
- Line 14: Replace the typo in the documentation line that reads "scaling wll be
necessary to maintain performance." by changing "wll" to "will" so the sentence
becomes "scaling will be necessary to maintain performance."; update the text in
the snippet containing that exact phrase.

[jeff-matthews]

Adding suggested edits from Slack conversation to avoid disrupting in progress reviews with new commits.

[jeff-matthews]

Switched the base branch to the v8.7.0 integration branch.

Will merge with main with all other v8.7.0 release docs on release day.

[jeff-matthews]

Reverted these changes in the release/v8.7.0 integration branch after confirming with PM that the feature will not be widely available until later.

Created a new draft PR for these changes #196