From 3ee9915dfee3102407255a63b9c9b02a2c2b171c Mon Sep 17 00:00:00 2001 From: Matthias Mair Date: Thu, 9 Sep 2021 07:42:36 +0200 Subject: [PATCH] overview document for sso --- docs/admin/SSO.md | 25 +++++++++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 26 insertions(+) create mode 100644 docs/admin/SSO.md diff --git a/docs/admin/SSO.md b/docs/admin/SSO.md new file mode 100644 index 0000000..e1353ed --- /dev/null +++ b/docs/admin/SSO.md @@ -0,0 +1,25 @@ +--- +title: InvenTree Single Sign On +--- + +## Single Sign On + +InvenTree provides the possibility to use 3rd party services to authenticate users. This functionality makes use of [django-allauth](https://django-allauth.readthedocs.io/en/latest/) and supports a wide array of OpenID and OAuth [provider](https://django-allauth.readthedocs.io/en/latest/providers.html). + +### Configuration + +To use SSO you have to: +1. Enable the needed providers in the [config file](../start/config.md#Single-Sign-on). +1. Add the required client configurations in the `SocialApp` app in the [admin interface](../admin/admin.md). +1. Enable SSO for the users in the [dynamic settings](../admin/settings.md). + +### Security Consideration + +You should use SSL for your website if you want to use this feature. Also set your callback-endpoints to `https://` addresses to reduce the risk of leaking user's tokens. + +Tokens for authenticating the users to the providers they registered with are saved in the database. +So ensure your database is protected and not open to the internet. +Make sure all users with admin privileges have sufficient passwords - they can read out your client configurations with providers and all auth-tokens from users. + +Never share your installs secret key! + diff --git a/mkdocs.yml b/mkdocs.yml index 8a87798..3498fb1 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -97,6 +97,7 @@ nav: - Admin Interface: admin/admin.md - Settings: admin/settings.md - User Permissions: admin/permissions.md + - Single Sign on: admin/SSO.md - Export Data: admin/export.md - Import Data: admin/import.md - Python Shell: admin/shell.md
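Review bot: in docs/admin/SSO.md, the "Security Consideration" section phrases transport security as optional ("You should use SSL for your website if you want to use this feature"), yet the next paragraph says provider tokens are stored in the database and readable by every admin user. I would state HTTPS as a requirement for enabling SSO. I would also replace "sufficient passwords" with something a reader can act on (for example "strong, unique passwords"), and say which setting "secret key" refers to, with a link to the config page. Under "Configuration", the numbered list follows "To use SSO you have to:" with no blank line in between. Python-Markdown does not start a list in the middle of a paragraph, so the three steps will render as running text; add an empty line before the first "1.". The link target "../start/config.md#Single-Sign-on" uses a mixed-case anchor while MkDocs generates lowercase heading ids, so please check that it resolves. Small wording fixes: "provider" should be "providers", "user's tokens" should be "users' tokens", and "installs secret key" should be "install's secret key".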
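Review bot: in the mkdocs.yml hunk, the new nav label "Single Sign on" does not match the page it points to, which uses "Single Sign On" in both the front-matter title and the heading; suggest "- Single Sign On: admin/SSO.md". The neighbouring entries all use lowercase file names (admin/admin.md, admin/settings.md, admin/permissions.md), so consider naming the new file admin/sso.md for consistency and to avoid case-sensitivity surprises between filesystems.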