diff --git a/docs/docs/concepts/zitadel/objects/organizations.md b/docs/docs/concepts/zitadel/objects/organizations.md index b01dd2af59..29ca334a82 100644 --- a/docs/docs/concepts/zitadel/objects/organizations.md +++ b/docs/docs/concepts/zitadel/objects/organizations.md @@ -4,4 +4,9 @@ title: Organizations import OrgDescription from './_org_description.mdx'; - \ No newline at end of file + + +## Global Organization + +In each ZITADEL system you will have a Global organization. If a user registers himself and no specific domain is given he will land in the Global organization. +Users in the Global Organization are managed by themselves and not by the organization manager. diff --git a/docs/docs/manuals/user-factors.md b/docs/docs/manuals/user-factors.md index 35bf85bc0d..029ce0a2c7 100644 --- a/docs/docs/manuals/user-factors.md +++ b/docs/docs/manuals/user-factors.md 
@@ -5,25 +5,41 @@ title: Factors ## Manage Multi Factor To enable multifactor authentication visit the "Personal Information" page of your account and scroll to the "multifactor authentication". -You can either: -1. Configure OTP (One Time Password) +:::caution +In order to avoid being locked out if a factor does not work, we recommend registering several options +::: -An OTP application creates a dynamic Token that changes periodically and needs to be added in addition to the password. Install an aproppriate OTP application of your choice and register Zitadel. The most convenient way is to scan the QR code with your the application on your mobile device. +### Configure OTP (One Time Password) -> **Information:** Some example Authenticator Apps for OTP are: Google Authenticator, Microsoft Authenticator, Authy. You can choose the one you like the most. +An OTP application creates a dynamic Token that changes periodically and needs to be added in addition to the password. +1. Install an appropriate OTP application of your choice +2. Click Add AuthFactor +3. Choose OTP Option +4. Scan the QR Code with you chosen authenticator app +5. Enter the code from your app in the ZITADEL Console -2. Add U2F (Universal Second Factor) +:::info +Some example Authenticator Apps for OTP are: Google Authenticator, Microsoft Authenticator, Authy. You can choose the one you like the most. +::: -Unuversal Second Factor basically is a piece of hardware such as an USB key that gets linked to your Identity and authorizes as second factor when a button on the device is pressed. +![Add One Time Password](/img/manuals/console_add_otp.gif) -> **Information:** some example Keys are [Solokeys](https://solokeys.com) or [Yubikey](https://www.yubico.com/) You can choose the one you like the most. +### Configure U2F (Universal Second Factor) + +U2F is dependent on the device and browser you are currently working. 
+In general there might be the following possibilities: +- FingerScan +- FaceRecognition (e.g. FaceID) +- Hardware Tokens (e.g. YubiKey, Solokeys) + +Hardware Tokens are basically a piece of hardware such as a USB key that gets linked to your Identity and authorizes as second factor when a button on the device is pressed. + +:::info +Some example Keys are [Solokeys](https://solokeys.com) or [Yubikey](https://www.yubico.com/) You can choose the one you like the most. +::: + +![Add Universal Second Factor](/img/manuals/console_add_u2f.gif) -Enable Multi Factor -![Enable Multi Factor](/img/enable-mfa-handling.gif) - - -Login Multi Factor -![Login Multi Factor](/img/login-mfa.gif) diff --git a/docs/docs/manuals/user-login.md b/docs/docs/manuals/user-login.md index 578e856a04..53eae1117d 100644 --- a/docs/docs/manuals/user-login.md +++ b/docs/docs/manuals/user-login.md 
@@ -3,12 +3,40 @@ title: Login --- ## Login Username + +Enter your login name in the input field. Your loginname consists of the username with @ organisation domain. E.g road.runner@acme.caos.ch +If the organization is already pre-selected you do not have to enter the domain. + ![Login Username](/img/accounts_page.png) -## Login Password +## Login with Password + +Enter you password. If you can't remember it click on the reset password link. You will get an email to set a new passwords. ![Login Password](/img/accounts_password.png) -## Login OTP +## Login with One Time Password (OTP) + +If you have registered a One time password (OTP) as a second factor you need to enter your code. + +1. Open your authenticator app which you used to set up your OTP +2. Enter the code from the authenticator app in the input field of the login process + ![Login OTP](/img/accounts_multifactor.png) + +You can find out how to register OTP [here](./user-factors). + +### Can't remember your otp + +If you have a problem with your OTP, please contact your organization support. If you have a user in the Global Organization feel free to contact support@zitadel.ch + +## Login with Universal Second Factor (U2F) (FaceID, FingerPrint, etc.) + +If you have registered U2F as second factor for your account you will have to verify this factor. +1. Click the button "Verify Token" +2. Your browser/device will show you the methods you have to verify your account (e.g FingerScan, Face Recognition, External Hardware Token, etc) +3. Use your verification method + +![Login Multi Factor](/img/login-mfa.gif) + diff --git a/docs/docs/manuals/user-passwordless.md b/docs/docs/manuals/user-passwordless.md new file mode 100644 index 0000000000..2b59acaad0 --- /dev/null +++ b/docs/docs/manuals/user-passwordless.md 
@@ -0,0 +1,28 @@ +--- +title: Passwordless +--- + +## Register Passwordless Authentication + +Add passwordless authentication to secure your account. + +1. Go to personal information - passwordless authentication +2. Click add authenticator +3. Enter a name for your authentication +4. You have three options to register a new method + - Directly register a new method + - Send a link to your email address + - Generate a QR Code to scan with another device (e.g. Mobile Phone) +5. Directly register a new method + 1. Your device/browser will show you the possibilities you have + 2. Choose your preferred method + 3. Verify your method (e.g. Finger Scan, Face Recognition, Hardware Token, etc..) + +:::caution +If you use different browsers, make sure you register all of them, otherwise you will not be able to use passwordless registration everywhere. +This doesn't count for hardware tokens, as these are device independent. +::: + + +![Add Passwordless](/img/manuals/console_add_passwordless_direct.gif) + diff --git a/docs/sidebars.js b/docs/sidebars.js index d0866f4c88..b74e29f5de 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -235,7 +235,7 @@ module.exports = { { type: 'category', label: 'User', - items: ['manuals/user-register', 'manuals/user-login', 'manuals/user-password', 'manuals/user-factors', 'manuals/user-email', 'manuals/user-phone', 'manuals/user-social-login',], + items: ['manuals/user-register', 'manuals/user-login', 'manuals/user-passwordless', 'manuals/user-password', 'manuals/user-factors', 'manuals/user-email', 'manuals/user-phone', 'manuals/user-social-login',], collapsed: false, }, ], diff --git a/docs/static/img/manuals/console_add_otp.gif b/docs/static/img/manuals/console_add_otp.gif new file mode 100644 index 0000000000..268764b2f1 Binary files /dev/null and b/docs/static/img/manuals/console_add_otp.gif differ 
diff --git a/docs/static/img/manuals/console_add_passwordless_direct.gif b/docs/static/img/manuals/console_add_passwordless_direct.gif new file mode 100644 index 0000000000..002f0ac8d2 Binary files /dev/null and b/docs/static/img/manuals/console_add_passwordless_direct.gif differ diff --git a/docs/static/img/manuals/console_add_u2f.gif b/docs/static/img/manuals/console_add_u2f.gif new file mode 100644 index 0000000000..301bccdc85 Binary files /dev/null and b/docs/static/img/manuals/console_add_u2f.gif differ
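Review bot: in docs/docs/concepts/zitadel/objects/organizations.md, the new "Global Organization" section mixes "Global organization" and "Global Organization" and uses "registers himself ... he will land". Pick one capitalization and use neutral wording, for example "If users register themselves and no specific domain is given, they land in the Global Organization." Because the section states that these users are "managed by themselves and not by the organization manager", it should also say where they turn when they lose access to a factor; the user-login.md hunk names support@zitadel.ch for that case and could be referenced here.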
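Review bot: in docs/docs/manuals/user-factors.md, step 4 of the OTP list reads "Scan the QR Code with you chosen authenticator app" (should be "your"), and the U2F intro "U2F is dependent on the device and browser you are currently working." stops short of "working with". The info box is also missing a full stop between the Yubikey link and "You can choose". On content: the U2F section lists FingerScan and FaceRecognition ahead of hardware tokens but then only explains hardware tokens, so a sentence on what the first two options are and when the browser offers them would close the gap. The new caution about registering several options would be stronger if it linked to the steps for adding a second factor.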
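Review bot: in docs/docs/manuals/user-login.md, the password section has two typos, "Enter you password" and "You will get an email to set a new passwords"; these should read "Enter your password" and "a new password". Smaller points in the same hunk: "loginname" and "organisation domain" sit next to "login name" and "organization", "E.g road.runner@acme.caos.ch" needs "E.g.", and the heading "Can't remember your otp" should capitalise OTP like the headings around it. The link text "here" in "You can find out how to register OTP [here](./user-factors)" would read better as the name of the target page.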
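Review bot: in the new docs/docs/manuals/user-passwordless.md, step 4 lists three ways to register ("Directly register a new method", "Send a link to your email address", "Generate a QR Code to scan with another device") but step 5 documents only the first, so the email link and QR code flows are left unexplained; either add their steps or state that they are covered elsewhere. In the caution, "you will not be able to use passwordless registration everywhere" presumably means passwordless login, and "This doesn't count for hardware tokens" reads more clearly as "This does not apply to hardware tokens". Step 3 says "Enter a name for your authentication" where "authenticator" matches step 2, and "etc.." has a stray dot.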
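Review bot: in docs/sidebars.js, the `items` array for the 'User' category is kept on one long line, so adding 'manuals/user-passwordless' shows up as a full-line replacement that is hard to review. Consider putting one entry per line in this change so later additions produce one-line diffs. The placement between 'manuals/user-login' and 'manuals/user-password' looks intentional, but the passwordless page points users to settings that sit alongside those described in 'manuals/user-factors', so listing the two pages next to each other may be easier to navigate.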