From 1adaf5136f570a03a3c21e55cb2a1ed31fba588f Mon Sep 17 00:00:00 2001 From: miacycle <184569369+miacycle@users.noreply.github.com> Date: Mon, 29 Jun 2026 19:48:18 -0500 Subject: [PATCH 1/2] docs(cloud): Identity Providers are configured on-behalf (no separate enable step) Signed-off-by: miacycle <184569369+miacycle@users.noreply.github.com> --- .../guides/organizations/org-management/_index.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/content/en/cloud/guides/organizations/org-management/_index.md b/content/en/cloud/guides/organizations/org-management/_index.md index e41a80340b1..bdac4099ad4 100644 --- a/content/en/cloud/guides/organizations/org-management/_index.md +++ b/content/en/cloud/guides/organizations/org-management/_index.md @@ -58,13 +58,16 @@ You can update your Organization's name, location, associated teams, branding, a The **Identity Providers** tab controls which OAuth applications power sign-in for your Organization. This is most useful when your Organization uses a custom domain and you want your own brand — not Layer5's — shown on the Google, GitHub, or OIDC consent screen. -The tab opens in one of two states: +By default, your Organization uses Layer5's shared OAuth applications. To override them, simply add your own provider — there is no separate "enable" step: -- **Using Layer5's default identity providers** (the default for every Organization): Sign in uses Layer5's shared OAuth applications. A Provider Administrator can select **Enable bring-your-own credentials** to begin configuring the Organization's own providers. -- **Bring-your-own credentials (BYOC) enabled**: A row is shown for each configured provider. Use **Add Google**, **Add GitHub**, or **Add OIDC** to register a provider — each walkthrough displays the exact redirect URI to add to your OAuth application — and **Edit** or **Remove** to rotate or delete a provider's credentials. **Delete Identity Providers** reverts the Organization to Layer5's defaults. +- Use **Add Google**, **Add GitHub**, or **Add OIDC** to register a provider. Each walkthrough displays the exact redirect URI to add to your OAuth application. Saving your first provider switches the Organization to its own identity providers automatically. +- Use **Edit** to rotate a provider's credentials, or **Remove** to delete a single provider. Removing your last provider reverts the Organization to Layer5's defaults. +- **Delete All Identity Providers** removes every configured provider at once and reverts to Layer5's defaults. + +Every removal asks you to confirm and explains the consequences before it proceeds. {{< alert title="Who can configure this" type="info" >}} -Enabling or tearing down bring-your-own credentials is a Provider Administrator action, and Provider Administrators can manage the Identity Providers configuration of **any** Organization — whether or not they are a member of it. Adding, rotating, and removing individual provider connections is available to Organization Administrators and Owners. +Organization Administrators and Owners can add, rotate, and remove their Organization's identity providers themselves. Provider Administrators can additionally manage the Identity Providers configuration of **any** Organization — whether or not they are a member of it. {{< /alert >}} Switching identity providers does not affect existing user accounts or login history. Users who signed in through a provider you later remove may need to re-authenticate. From fe476300f92bd3979bf5122bb3587aa7cf9a1d90 Mon Sep 17 00:00:00 2001 From: Cooper Fitzgerald <182300328+fitzergerald@users.noreply.github.com> Date: Mon, 29 Jun 2026 19:57:11 -0500 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Cooper Fitzgerald <182300328+fitzergerald@users.noreply.github.com> --- .../en/cloud/guides/organizations/org-management/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/cloud/guides/organizations/org-management/_index.md b/content/en/cloud/guides/organizations/org-management/_index.md index bdac4099ad4..c6d9e84b75f 100644 --- a/content/en/cloud/guides/organizations/org-management/_index.md +++ b/content/en/cloud/guides/organizations/org-management/_index.md @@ -62,12 +62,12 @@ By default, your Organization uses Layer5's shared OAuth applications. To overri - Use **Add Google**, **Add GitHub**, or **Add OIDC** to register a provider. Each walkthrough displays the exact redirect URI to add to your OAuth application. Saving your first provider switches the Organization to its own identity providers automatically. - Use **Edit** to rotate a provider's credentials, or **Remove** to delete a single provider. Removing your last provider reverts the Organization to Layer5's defaults. -- **Delete All Identity Providers** removes every configured provider at once and reverts to Layer5's defaults. +- Use **Delete All "Identity Providers"** to delete the environment named, "Identity Providers", therein deleting every configured provider at once, reverting to Provider Organization's defaults. Every removal asks you to confirm and explains the consequences before it proceeds. {{< alert title="Who can configure this" type="info" >}} -Organization Administrators and Owners can add, rotate, and remove their Organization's identity providers themselves. Provider Administrators can additionally manage the Identity Providers configuration of **any** Organization — whether or not they are a member of it. +Organization Administrators and Owners can add, rotate, and remove their Organization's identity providers themselves. Provider Administrators can additionally manage the Identity Providers configuration (and the configuration of other aspects) of **any** Organization - whether or not they are members of it. {{< /alert >}} Switching identity providers does not affect existing user accounts or login history. Users who signed in through a provider you later remove may need to re-authenticate.