From 3efdae4cd508e006af2c3dadec8213a2d12e8e9d Mon Sep 17 00:00:00 2001 From: Denise Date: Thu, 14 Mar 2019 10:38:15 -0700 Subject: [PATCH] Update _index.md --- .../v2.x/en/admin-settings/authentication/okta/_index.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/rancher/v2.x/en/admin-settings/authentication/okta/_index.md b/content/rancher/v2.x/en/admin-settings/authentication/okta/_index.md index 26f75b871d1..337f88cca47 100644 --- a/content/rancher/v2.x/en/admin-settings/authentication/okta/_index.md +++ b/content/rancher/v2.x/en/admin-settings/authentication/okta/_index.md @@ -49,3 +49,11 @@ In Okta, create a SAML Application with the settings below. See the [Okta docume >**Note:** If nothing seems to happen, it's likely because your browser blocked the pop-up. Make sure you disable the pop-up blocker for your rancher domain and whitelist it in any other extensions you might utilize. **Result:** Rancher is configured to work with Okta. Your users can now sign into Rancher using their Okta logins. + +>**Keycloak Identity Provider Caveats:** +> +>- SAML Protocol does not support search or lookup for users or groups. Therefore, there is no validation on users or groups when adding them to Rancher. +>- When adding users, the exact user IDs (i.e. `UID Field`) must be entered correctly. As you type the user ID, there will be no search for other user IDs that may match. +>- When adding groups, you *must* select the group from the drop-down that is next to the text box. Rancher assumes that any input from the text box is a user. +> +> - The group drop-down shows *only* the groups that you are a member of. You will not be able to add groups that you are not a member of.
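Review bot: The heading on the first added line reads `>**Keycloak Identity Provider Caveats:**`, but the file being changed is `authentication/okta/_index.md`, so the block appears to have been carried over from the Keycloak page without renaming; it should read `>**Okta Identity Provider Caveats:**` or use a provider-neutral "SAML" heading. In the same block, the last bullet (`> - The group drop-down shows *only* the groups that you are a member of.`) is split from the list by an empty `>` line and uses `> -` where the other items use `>-`. If it is meant as a sub-item of the "When adding groups" bullet, remove the empty `>` line and indent it under its parent, otherwise it is likely to render as a sibling item or a separate list. Because the added text states there is no validation on users or groups, it would also help to tell the administrator where to confirm the exact `UID Field` value before adding a user, since a mistyped ID is accepted without any error.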