Compass OIDC-docs merge into master (#510)

jocelyn-mendez1 · web-flow · commit da191c29bfc6 · 2023-08-11T16:52:14.000-04:00
* DOCSP-29126 Add OIDC to settings and authentication connection. (#508) * DOCSP-29126 add oidc * DOCSP-29126 typo fixes * DOCSP-29126 nit change * oidc-docs update * oidc-docs update * oidc-docs testing link * oidc-docs fix 404 * oidc-docs testing links
diff --git a/source/connect/advanced-connection-options/authentication-connection.txt b/source/connect/advanced-connection-options/authentication-connection.txt
@@ -34,6 +34,8 @@ Procedure
       Select your authentication method from the following options: 
       
       - :ref:`Username / Password <username-password>`
+
+      - :ref:`OIDC <oidc>`
       
       - :ref:`X.509 <x509>`
       
@@ -82,6 +84,44 @@ Procedure
 
         - :manual:`SCRAM-SHA-256 </core/security-scram/>`
 
+      .. _oidc:
+
+      OIDC
+      ~~~~
+
+      Select :guilabel:`OIDC` if the deployment uses :manual:`OpenID Connect </core/security-oidc/>` 
+      as its authentication mechanism.
+      
+      Provide the following information:
+
+      .. list-table::
+         :header-rows: 1
+         :widths: 50 50
+
+         * - Field
+           - Description
+
+         * - Username
+           - Optional. OpenID Connect username.
+
+         * - Auth Code Flow Redirect URI
+           - Optional. Specify a URI where the identity provider redirects you after authentication.
+             The URI must match the configuration of the Identity Provider.
+             The default is ``http://localhost:27097/redirect``.
+
+         * - Consider Target Endpoint Trusted
+           - Optional. Allows connecting to a target endpoint that is not in the 
+             list of endpoints that are considered trusted by default. Only use 
+             this option when connecting to servers that you trust.
+
+         * - Enable Device Authentication Flow
+           - Optional. When the :ref:`Show Device Auth Flow Checkbox <compass-settings-reference>` 
+             setting is enabled, |compass-short| can provide you with a URL and code 
+             to finish authentication. 
+             
+             This is a less secure authentication flow that can be used as a 
+             fallback when browser-based authentication is unavailable.
+
       .. _x509:
 
       X.509
diff --git a/source/settings/settings-reference.txt b/source/settings/settings-reference.txt
@@ -131,6 +131,22 @@ You can configure the following settings on the |compass| interface:
      - Allow our Product team to occasionally reach out for feedback about 
        |compass-short|.
 
+   * - Browser command to use for OIDC Authentication
+     - OIDC
+     - Specify the browser that |compass-short| redirects you to when authenticating 
+       with the identity provider.
+
+   * - Show Device Auth Flow Checkbox
+     - OIDC 
+     - Show a check box on the connection form to enable the device authentication flow. 
+       This provides the option to enable a less secure authentication flow as a 
+       fallback when browser-based authentication is unavailable.
+
+   * - Stay logged in with OIDC
+     - OIDC
+     - Remain logged in when using the :manual:`MONGODB-OIDC </core/security-oidc/>` 
+       authentication mechanism. 
+
 Learn More
 ----------
 
