GITBOOK-321: change request with no subject merged in GitBook

README.md

@@ -63,7 +63,7 @@ _defguard is not an official WireGuard project, and WireGuard is a registered tr
 
 ### Identity Management:
 
-* ### [OpenID Connect](https://openid.net/developers/how-connect-works/) based SSO
+* #### [OpenID Connect](https://openid.net/developers/how-connect-works/) based SSO
 * External [OpenID providers for login/account creation (Google/Microsoft/Custom)](enterprise/all-enteprise-features/external-openid-providers/)
 * LDAP (tested on [OpenLDAP](https://www.openldap.org/)) synchronization
 * nice UI to manage users

admin-and-features/features-and-configuration/wireguard/remote-desktop-activation.md

@@ -12,7 +12,7 @@ Users can activate / configure their desktop client themselves - for that docume
 
 Navigate to the user's list page.
 
-<figure><img src="../../../.gitbook/assets/image (1) (1).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/image (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
 
 Select "Configure Desktop Client" from the action menu.
 

enterprise/all-enteprise-features/external-openid-providers/google.md

@@ -31,3 +31,37 @@ Here is [full Google documentation](https://developers.google.com/identity/openi
 11. After you proceed further, you will be presented with a popup containing your `Client ID` and `Client Secret`, copy them and paste on the Defguard OpenID configuration page.
 
     <figure><img src="../../../.gitbook/assets/settings.png" alt=""><figcaption></figcaption></figure>
+
+### Directory synchronization
+
+{% hint style="warning" %}
+Documentation regarding this feature is still work in progress and incomplete.
+{% endhint %}
+
+{% hint style="info" %}
+This feature is available only in Defguard v1.2.0 and above
+{% endhint %}
+
+Defguard supports synchronization of users and groups state based on Google Workspace. The following things can be synchronized:
+
+* Users state: users disabled in Google Workspace will be disabled in Defguard
+* Deletion of users: users deleted in Google Workspace will be deleted in Defguard
+* User groups: user groups in Google Workspace will be automatically assigned and created in Defguard
+
+#### Directory synchronization configuration menu
+
+The menu can be found in Defguard settings by navigatin to the "OpenID" tab.
+
+<figure><img src="../../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
+
+The following configuration options are currently available in the directory synchronization menu:
+
+* Synchronize (All/User/Group): What to synchronize.
+  * All - synchronize both user state (disabled/enabled), their deletion and groups
+  * User - synchronize only user state (disabled/enabled) and whether they've been deleted
+  * Group - synchronize only user groups
+* Synchronization interval (600s by default): How often to synchronize with Google. Very low values may cause issues with Google API. Users are also synchronized on login.
+* User behavior (Keep, Disable, Delete): What to do with users not present in Google Workspace.
+* Admin behavior (Keep, Disable, Delete): What to do with users with admin status in Defguard who are not present in Google Workspace.
+* Admin email: The email of the Google Workspace admin user on which behalf Defguard will call the Google API
+* Service account in use: The email of the Google service account which is currently used

enterprise/all-enteprise-features/external-openid-providers/jumpcloud.md

@@ -1,58 +1,40 @@
 # JumpCloud
 
 1. Login to your JumpCloud admin account.
-2. Navigate to SSO Applications\
-
-
-    <figure><img src="../../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
-
-
-3. Add a new SSO Application
-4. Select "Custom" on this screen\
-
-
-    <figure><img src="../../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
-
-
-5. Select "Configure SSO with OIDC"\
-
+2.  Navigate to SSO Applications\\
 
     <figure><img src="../../../.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
+3. Add a new SSO Application
+4.  Select "Custom" on this screen\\
 
+    <figure><img src="../../../.gitbook/assets/image (1) (1).png" alt=""><figcaption></figcaption></figure>
+5.  Select "Configure SSO with OIDC"\\
 
-6. Fill the app's display label in the next form.\
-
+    <figure><img src="../../../.gitbook/assets/image (2) (1).png" alt=""><figcaption></figcaption></figure>
+6.  Fill the app's display label in the next form.\\
 
     <figure><img src="../../../.gitbook/assets/image (3).png" alt=""><figcaption></figcaption></figure>
-
-
-7. After finishing this configuration you will be redirected to your newly created SSO Application's settings. Go to the "SSO" tab first.\
-
+7.  After finishing this configuration you will be redirected to your newly created SSO Application's settings. Go to the "SSO" tab first.\\
 
     <figure><img src="../../../.gitbook/assets/image (4).png" alt=""><figcaption></figcaption></figure>
-8. Configure as following:
+8.  Configure as following:
 
     <figure><img src="../../../.gitbook/assets/image (6).png" alt=""><figcaption></figcaption></figure>
 
     Make sure to set the correct Redirect URI and Login URL that will reflect your Defguard's setup. If you access your Defguard dashboard at e.g. `https://defguard.example.net` your redirect URI will be `https://defguard.example.net/auth/callback` and the login URL `https://defguard.example.net/auth/login`. Additionally, if you are using a Defguard proxy to enroll users, you can also add another redirect URI in the form of `<DEFGUARD_ENROLLMENT_URL>/openid/callback`, where the `<DEFGUARD_ENROLLMENT_URL>` is the address at which your proxy enrollment page is accessible.
-9. Next, select the profile scope and add an `email` user attribute mapping by hand, like so:\
-
+9.  Next, select the profile scope and add an `email` user attribute mapping by hand, like so:\\
 
     <figure><img src="../../../.gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
 
     It's important **not** to select the email standard scope checkbox, as it will automatically add a constant `email_verified` field which doesn't conform to the OpenID standard and doesn't work with Defguard. You can see the following section for more information: [#jumpcloud](./#jumpcloud "mention").
 10. Click "Activate". You will be presented with a client ID and a secret. Copy both of them, as you will need to insert them in Defguard's settings.
-11. Go to Defguard settings, OpenID tab, select a `Custom` provider tab and paste the copied values:\
-
+11. Go to Defguard settings, OpenID tab, select a `Custom` provider tab and paste the copied values:\\
 
     <figure><img src="../../../.gitbook/assets/image (8).png" alt=""><figcaption></figcaption></figure>
 
     Set the base URL to `https://oauth.id.jumpcloud.com/`. The display name may be whatever you want.
 12. Back in JumpCloud, make sure your users have access to the SSO Application. You can enable it by navigating to the `User groups` menu and selecting the group you want to enable logging in through JumpCloud for. Only users from this group will be able to login to Defguard with JumpCloud. In this example, we will select the `All users` group, which is a dynamic group containing every user.
-13. Now in the group settings menu, select the `Applications` tab and select the checkbox next to your newly created app, this will enable the app for that group. Click `Save group` when you finish.\
-
+13. Now in the group settings menu, select the `Applications` tab and select the checkbox next to your newly created app, this will enable the app for that group. Click `Save group` when you finish.\\
 
     <figure><img src="../../../.gitbook/assets/image (9).png" alt=""><figcaption></figcaption></figure>
-
-
 14. Now you should be able to login to Defguard with JumpCloud.