diff --git a/docs/guides/_implementation-guide/plan/prepare-for-building.md b/docs/guides/_implementation-guide/plan/prepare-for-building.md index 2369b753b2..2b90725f7d 100644 --- a/docs/guides/_implementation-guide/plan/prepare-for-building.md +++ b/docs/guides/_implementation-guide/plan/prepare-for-building.md @@ -32,7 +32,7 @@ Read more about roles and permissions [here](https://docs.port.io/sso-rbac/users ## Configure SSO -Select the relevant [SSO provider](/sso-rbac/sso-providers/) and follow the instructions to set it up. +Follow the SSO configuration steps in the [manage your SSO connection](/sso-rbac/self-serve-sso) documenation to set it up. :::info Enterprise feature Note that SSO support is an enterprise feature. If you are using the free tier, you can skip this step. diff --git a/docs/integrations-index.md b/docs/integrations-index.md index 022611f707..338933defd 100644 --- a/docs/integrations-index.md +++ b/docs/integrations-index.md @@ -53,7 +53,7 @@ This page contains a list of Port's available integrations, organized by the pla ### Azure - [Azure exporter](/build-your-software-catalog/sync-data-to-catalog/cloud-providers/azure/azure.md) -- [Azure Active Directory (AD) SSO](/sso-rbac/sso-providers/oidc/azure-ad.md) +- [Azure Active Directory (AD) SSO](/sso-rbac/self-serve-sso) - [Map resource groups, storage groups, compute resources database resources and more](/build-your-software-catalog/sync-data-to-catalog/cloud-providers/azure/resource_templates/resource_templates.md) - [Add tags to Azure resources](/guides/all/tag-azure-resource) 
@@ -320,12 +320,7 @@ This page contains a list of Port's available integrations, organized by the pla ## SSO -- [Okta SSO](/sso-rbac/sso-providers/oidc/okta.md) -- [OneLogin SSO](/sso-rbac/sso-providers/oidc/onelogin.md) -- [JumpCloud SSO](/sso-rbac/sso-providers/saml/jumpcloud.md) -- [Google workspace SSO](/sso-rbac/sso-providers/saml/google-workspace.md) -- [Azure Active Directory (AD) SSO OIDC](/sso-rbac/sso-providers/oidc/azure-ad.md) -- [Azure Active Directory (AD) SSO SAML](/sso-rbac/sso-providers/saml/azure-ad.md) +- [Manage your SSO connection](/sso-rbac/self-serve-sso) ## StackHawk diff --git a/docs/security.md b/docs/security.md index 97226fec9a..e21a9c000b 100644 --- a/docs/security.md +++ b/docs/security.md @@ -201,7 +201,7 @@ In addition to password login and social login, multi-factor authentication (MFA ### Single sign-on (SSO) -Port integrates with all major [SSO providers](/sso-rbac/sso-providers/), allowing you to seamlessly import users and teams, and also exposing Port to your organization in a managed manner. +Port integrates with all major [SSO providers](/sso-rbac/self-serve-sso), allowing you to seamlessly import users and teams, and also exposing Port to your organization in a managed manner. Port supports SSO using the OIDC protocol and the SAML 2.0 protocol, and as such supports all modern Identity Providers. diff --git a/docs/sso-rbac/sso-providers/ldap/ldap.md b/docs/sso-rbac/_ldap.md similarity index 100% rename from docs/sso-rbac/sso-providers/ldap/ldap.md rename to docs/sso-rbac/_ldap.md diff --git a/docs/sso-rbac/ownership.md b/docs/sso-rbac/ownership.md index 13455a4ad8..ad565e327b 100644 --- a/docs/sso-rbac/ownership.md +++ b/docs/sso-rbac/ownership.md @@ -1,5 +1,5 @@ --- -sidebar_position: 4 +sidebar_position: 5 --- import Tabs from '@theme/Tabs'; diff --git a/docs/sso-rbac/port-secrets/_category_.json b/docs/sso-rbac/port-secrets/_category_.json index 20a232975a..3cb61eda1d 100644 --- a/docs/sso-rbac/port-secrets/_category_.json 
+++ b/docs/sso-rbac/port-secrets/_category_.json @@ -1,4 +1,4 @@ { "label": "Port secrets", - "position": 4 + "position": 6 } diff --git a/docs/sso-rbac/self-serve-sso.md b/docs/sso-rbac/self-serve-sso.md new file mode 100644 index 0000000000..046f448f57 --- /dev/null +++ b/docs/sso-rbac/self-serve-sso.md 
@@ -0,0 +1,111 @@ +--- +title: "Manage your SSO connection" +sidebar_position: 4 +description: Set up and manage SSO for your organization directly from the portal +--- + +# Manage your SSO connection + +Port allows company admins to configure SSO (Single Sign-On) directly from the portal. +This self-serve flow guides you through connecting your identity provider (IdP) to Port. + +## Prerequisites + +- This feature is available for **enterprise accounts** only. +- Your account must have migrated to [multi-organization](/sso-rbac/multi-organization). +- You must be a **company admin** to configure SSO. +- You need access to your identity provider's admin console to create and configure applications. + +## Setup + +Follow these steps to configure SSO for your company: + +### Step 1: Initiate the SSO setup + +1. Go to the [Builder page](https://app.getport.io/settings/data-model) of your portal. +2. Click on **Organization settings** in the left sidebar. +3. Navigate to the **SSO** tab. +4. Click the **Set up SSO connection** button. + +:::info URL validity +A unique SSO setup link will be generated for you, it will be valid for 5 hours after you first open it, or 5 days if you don't open it. You can copy and save the link to complete the setup later. +::: + +### Step 2: Configure your identity provider + +After clicking the setup button, you will be guided to configure the SSO connection. The following identity providers are supported: + +- Okta +- Entra ID +- Keycloak +- ADFS +- Google Workspace +- PingFederate +- Custom SAML +- Custom OIDC + +The setup process is fully guided by Auth0's self-service assistant, which walks you through each step including creating an application in your IdP, configuring the connection, mapping claims, and testing the SSO integration. 
For a detailed example walkthrough of the assistant flow, see the [Auth0 Self-Service SSO documentation](https://auth0.com/docs/authenticate/enterprise-connections/self-service-SSO#example-self-service-assistant-flow). + +Complete the configuration in your identity provider's admin console following the on-screen instructions. + +### Step 3: Monitor the connection status + +While configuring your IdP, the Port UI displays the current status of your SSO connection: + +| Status indicator | Description | +| :----------------: | ----------- | +| | The setup process is in progress or hasn't been verified yet. | +| | The SSO connection was successfully created and verified. | +| | The SSO connection setup failed. See the [troubleshooting](#troubleshooting) section below for resolution options. | + +Once you have completed the configuration in your identity provider, click the **Setup is Done** button in Port to indicate that the process is finished. + +## Manage the connection + +After the SSO connection is successfully established, you can configure the following options: + + + +1. **Set group filters** - Click `Set Group Filters` to control which IdP groups sync into Port teams. You can use regular expressions (RegEx) to define allowed and blocked group patterns. + + :::info Group filter playground + The group filter configuration in Port is a playground for testing your RegEx patterns. It does not modify the actual groups in your IdP - group management should always be done in your identity provider's admin console. Groups that are already synced to Port will appear by default in the playground, allowing you to test how your filters would affect them. + ::: + +2. **Block social login for domains** - Your configured domains are displayed here. You can toggle social login blocking per domain. 
When enabled for a domain, users with email addresses from that domain must sign in through your SSO provider and cannot use social login methods (such as Google or GitHub sign-in). To add more domains, use `Edit Connection`. + +3. **Session settings** - Click `Session Settings` to configure session timeout settings for your SSO users. You can set the following: + - **Max session TTL** - The maximum session duration in minutes. + - **Idle session TTL** - The idle timeout duration in minutes before a session expires due to inactivity. + +4. **Edit connection** - Click `Edit Connection` to open the Auth0 management interface where you can modify your SSO configuration, including adding or managing domains associated with your SSO connection. + +## Limitations + +- Terraform is not supported for self-serve SSO setup. + +## Troubleshooting + +If you click `Setup is Done` and encounter an error, use the following table to identify and resolve the issue: + +| Error | Cause | Resolution | +| ----- | ----- | ---------- | +| Connection not created | The SSO connection was not created successfully. | Click **Start Again** to generate a new setup URL and repeat the configuration process. | +| Mapping failed | The connection mapping failed. | Click **Edit Connection** to review and fix the configuration. | +| Linking failed | The SSO provider is connected, but linking to the company in Port failed. | Contact [Port's support team](http://support.port.io/) for assistance. | + +## FAQ + +
+Can we use multiple SSO providers (e.g., Okta and Azure)? (click to expand) + +No. Port supports only one SSO provider per company at a time. + +
+ +
+How do we switch providers (e.g., from Okta to Azure)? (click to expand) + +You need to **delete** the existing connection and start the setup process from the beginning. There is no migration path between SSO providers. + +
diff --git a/docs/sso-rbac/sso-providers/_category_.json b/docs/sso-rbac/sso-providers/_category_.json deleted file mode 100644 index 28c3ce2d4e..0000000000 --- a/docs/sso-rbac/sso-providers/_category_.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "label": "SSO providers", - "position": 3 -} diff --git a/docs/sso-rbac/sso-providers/_scim_functionality_list.mdx b/docs/sso-rbac/sso-providers/_scim_functionality_list.mdx deleted file mode 100644 index 3173b90111..0000000000 --- a/docs/sso-rbac/sso-providers/_scim_functionality_list.mdx +++ /dev/null @@ -1,16 +0,0 @@ -

Functionality enabled by SCIM

- -By enabling SCIM the following functionality will be enabled: - -- Automatic deprovisioning of users (for example, when a user is unassigned from the SSO application, that user will automatically lose access to Port). - -

Limitations

- -- **Does not support user provisioning** - Only deprovisioning is supported; users must be created manually or through SSO login. -- **Does not sync user attribute updates** - Changes to user profiles in your identity provider will not automatically update in Port. -- **Does not support group provisioning** - Group membership changes in your identity provider are not synchronized via SCIM. -- **Does not provide real-time sync** - SCIM operations may have delays and are not instantaneous. -- **Does not support custom user attributes** - Only standard user fields are processed during deprovisioning. -- **Only supported for customers with a single workspace** - SCIM is not available for multi-workspace setups. - -For full user and group synchronization, rely on the SSO login process rather than SCIM. diff --git a/docs/sso-rbac/sso-providers/ldap/_category_.json b/docs/sso-rbac/sso-providers/ldap/_category_.json deleted file mode 100644 index d9bacd0ffb..0000000000 --- a/docs/sso-rbac/sso-providers/ldap/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "LDAP", - "position": 3 -} - \ No newline at end of file diff --git a/docs/sso-rbac/sso-providers/oidc/_category_.json b/docs/sso-rbac/sso-providers/oidc/_category_.json deleted file mode 100644 index 71cc0d062a..0000000000 --- a/docs/sso-rbac/sso-providers/oidc/_category_.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "label": "OIDC", - "position": 2 -} diff --git a/docs/sso-rbac/sso-providers/oidc/_scim_oidc_limitation.mdx b/docs/sso-rbac/sso-providers/oidc/_scim_oidc_limitation.mdx deleted file mode 100644 index e3aaf5a575..0000000000 --- a/docs/sso-rbac/sso-providers/oidc/_scim_oidc_limitation.mdx +++ /dev/null 
@@ -1,5 +0,0 @@ -:::info multiple SSO applications for SCIM with OIDC -Due to technical limitations, OIDC integrations do not directly support SCIM. You will be required to set up another application, which will be handle provisioning based on the SCIM protocol. - -With SCIM in place, in order to grant the user access to Port, you will need to assign the user both the primary SSO application and to the SCIM application. -::: \ No newline at end of file diff --git a/docs/sso-rbac/sso-providers/oidc/azure-ad.md b/docs/sso-rbac/sso-providers/oidc/azure-ad.md deleted file mode 100644 index bcd18680fe..0000000000 --- a/docs/sso-rbac/sso-providers/oidc/azure-ad.md +++ /dev/null 
@@ -1,292 +0,0 @@ ---- -title: "Microsoft Entra ID (AzureAD)" -sidebar_position: 1 -description: Integrate AzureAD with Port using OIDC ---- - -import ScimFunctionality from "/docs/sso-rbac/sso-providers/\_scim_functionality_list.mdx" -import ScimLimitation from "/docs/sso-rbac/sso-providers/oidc/\_scim_oidc_limitation.mdx" -import SSOEndpoints from "/docs/generalTemplates/_sso_auth0_endpoints.md" - -# Entra ID (AzureAD) - -This guide demonstrates how to configure Single Sign-On (SSO) integration between Port and Microsoft Entra ID (AzureAD) using OIDC. - -Once implemented: -- Users can connect to Port via an AzureAD app. -- AzureAD teams will be automatically synced with Port upon user sign-in. -- You can set granular permissions in Port according to your AzureAD groups. - -## Prerequisites - -Before starting the configuration, ensure you have: - -- Access to the Microsoft Azure Portal with permissions to create and configure applications. -- Users who need access to Port must have a valid value in their `Email` field in Azure AD. -- Contact information ready to share with Port support team for the final configuration steps. - -:::info Contact us -To complete the process you will need to contact us to receive the information you require, as well as provide Port with specific application details outlined in this guide. -::: - -## Register a new application - -

Create the application registration

- -1. In the Microsoft Azure Portal, go to `Azure Active Directory`. -2. Click on `App registrations`. - - - -3. Click on `New registration` at the top of the page. - - - -4. Define the Port application settings: - - 4.1 **Name**: Insert a friendly name for the Port app, like `Port`. - - 4.2 **Supported account types**: Please select the option that is appropriate for your organization. - - For most use cases this would be **Accounts in this organizational directory only (Default Directory only - Single tenant)**. - - 4.3 **Redirect URI**: - - Set `Platform` to `Web` - - Set `URL` to `https://auth.getport.io/login/callback` - - - - - 4.4 Click `Register`. - -

Configure authentication settings

- -1. On the new Port App page, click `Authentication`. - - - -2. Add the **Front-channel logout URL**: paste the following URL: - - ```text showLineNumbers - https://auth.getport.io/logout - ``` - - Adding the front-channel logout URL will enable single sign-out, meaning when a user logs out from Port, it also logs them out from their identity provider. - - - -3. Click `Save`. - -## Configure application branding - -1. On the new Port App page, click `Branding & Properties`. - - - -2. Configure the following settings: - - 2.1 **Home page URL**: paste the following URL: - - - - We will provide your `{CONNECTION_NAME}` (Contact us using chat/Slack/mail to [support.port.io](http://support.port.io/)). - - 2.2 **Publisher domain**: Select the domain matching your user emails (for example `getport.io`). - - - -3. Click `Save`. - -## Set up application permissions - -

Add required permissions

- -1. On the Port App page, click `API Permissions`. - - - -2. Click `Add a permission`. - - - -3. On the `Microsoft APIs` tab: - - 3.1 Click on `Microsoft Graph`. - - - - 3.2 Click on `Delegate Permissions`. - - - - 3.3 Search and mark the following permissions: - - `email`, `openid`, `profile`, `User.read` - -
- - :::info AzureAD groups integration - If you wish to pull in AzureAD groups into Port, you will also need to add the `Directory.Read.All` permission. - See [Permissions required to pull AzureAD groups to Port](#enable-azuread-groups-integration) for more details. - ::: - -
- - - - 3.4 Click `Add permissions`. - - :::info Grant admin consent - (OPTIONAL) `Grant admin consent`: when users from your organization will first log in, they will be prompted to confirm the permissions specified here. You can click the `Grant admin consent for Default Directory` to automatically approve their permissions. - ::: - - - -## Configure application claims - -

Add optional claims

- -1. On the Port App page, click `Token configuration`. - - - -2. Click `Add optional claim`. - - - -3. Select `ID` as the token type and then select the `email` claim, then click `Add`. - - - - Repeat the same process for `Access` and `SAML` (3 times total). - -4. Your optional claims will look like this: - - - -## Generate application secret - -

Create client secret

- -1. On the Port App page, click `Certificates & Secrets`. - - - -2. On the `Client secrets` tab, click the `New client secret` button. - - - -3. Configure the secret: - - 3.1 **Description**: Enter a secret description, for example `Port Login Client Secret`. - - 3.2 **Expires**: Select when the secret expires. - - Be sure to mark on your calendar the expiration date of the secret. The secret needs to be replaced before its expiration, otherwise login to Port will be disabled. - - 3.3 Click `Add`. - -4. **Copy the secret immediately**: A secret will be created and its Value will appear as shown in the image below. Document the secret's value immediately because it will never appear again after you leave this page. - - - -## Provide application information to Port - -Port needs the following information to complete the integration: - -- The `Client Secret` value that you created in the previous step. -- The `Application (Client) ID`, which appears on the Port application overview page: - - - -Port will provide you the `CONNECTION_NAME` needed for the homepage URL of the App. - -## Distribute the application to users - -

Assign users and groups

- -After the app setup is complete, you can assign it to your organization's users and groups: - -1. Go to `Azure Active Directory`. - -2. Go to `Enterprise Applications`. - - - -3. Click on the Port app. - - - -4. Click on `Users and Groups`. - - - -5. Click `Add user/group`. - - - -6. Select users and groups you want to grant access to Port, then click `Assign`. - -

Make the application visible

- -1. Go to `Azure Active Directory` > `Enterprise Applications` > Port app. - -2. Click on `Properties`. - - - -3. Set the application properties: - - Mark `Enabled for users to sign-in?` as `Yes`. - - Mark `Visible to users?` as `Yes`. - -
- :::info Assignment required? - By default the `Assignment required?` flag is set to `No`, meaning any user with the Homepage URL to the Port app can access it, even if the app isn't directly assigned to them. Changing the flag to `Yes` means only users and groups the app is directly assigned to can use and access it. - ::: - -
- - - -4. You should see the Port app on the [https://myapplications.microsoft.com](https://myapplications.microsoft.com) dashboard: - - - -Users can also manually access Port by going to the App Homepage URL. - -## Multiple Azure AD SSO connections - -If you have multiple Port environments, it is possible to setup an OIDC Azure AD SSO connection for each environment. - -However, note that in this instance you **will not** be able to use Port's main login page to reliably sign in to a specific environment. When you enter your email address to login, it will take you to one of your Port environments but it is not guaranteed to take you to the same Port environment every time. - -In that case you have the following options: - -- Use the [https://myapplications.microsoft.com](https://myapplications.microsoft.com) dashboard provided by Azure AD and select the desired Port environment to connect to. -- Use the manual login URL for each environment directly, by specifying the desired environment based on its respective `CONNECTION_NAME` value. - -## Enable AzureAD groups integration - -Port can query the group membership of users who log in through the AzureAD SSO, and add their teams as team entities inside Port. This allows platform engineers to take advantage of both existing groups from AzureAD and teams created manually inside Port to manage permissions and access to resources inside Port's catalog. - -In order to import Azure AD groups into Port, Port will require the connection app to approve the `Directory.Read.All` permission. - - diff --git a/docs/sso-rbac/sso-providers/oidc/oidc.md b/docs/sso-rbac/sso-providers/oidc/oidc.md deleted file mode 100644 index c747a3ec3a..0000000000 --- a/docs/sso-rbac/sso-providers/oidc/oidc.md +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -title: "OIDC" -sidebar_position: 1 -description: Integrate any SSO with Port using OIDC application ---- - -import SSOEndpoints from "/docs/generalTemplates/_sso_auth0_endpoints.md" -import DirectUrl from "/docs/generalTemplates/_sso_direct_url.md" -import DocCardList from '@theme/DocCardList'; - -This documentation describes the process of integrating an OIDC application with Port, along with some examples for specific identity providers. -In order to integrate Port with an OIDC SSO application, you will need to do the following: - -1. Create a new OIDC application in your identity provider and provide an app integration name, like `Port`. -2. Configure the application with the following details: - - Redirect URI: `https://auth.getport.io/login/callback` - - Login URI: - - :::note - We will provide your `{CONNECTION_NAME}` (Contact us using chat/Slack/mail to [support.port.io](http://support.port.io/)). - ::: -3. Expose the application to your organization by either granting access to everyone or restricting it to specific roles. -4. Share information about your SSO application: - - Provide Port with the following details: - - `Client ID`: The client identifier for your OIDC application. - - `Client Secret`: The client secret for your OIDC application. -5. Add a custom property `email_verified` and configure the OpenID Claims in your identity provider to ensure that Port receives the value `true` for this attribute as part of the connection process. This step may be required specifically for certain identity providers such as [OneLogin](/sso-rbac/sso-providers/oidc/onelogin.md#step-4-add-email_verified-custom-property-to-all-users). -6. Configure the Groups claim in the OpenID Connect Token settings to enable automatic groups or roles support in Port.



- :::note - This step is OPTIONAL and is required only if you wish to pull all of your groups or roles into Port inherently. - ::: -

- diff --git a/docs/sso-rbac/sso-providers/oidc/okta.md b/docs/sso-rbac/sso-providers/oidc/okta.md deleted file mode 100644 index 0c9f2b6200..0000000000 --- a/docs/sso-rbac/sso-providers/oidc/okta.md +++ /dev/null 
@@ -1,143 +0,0 @@ ---- -title: "Okta (OIDC)" -sidebar_position: 2 -description: Integrate Okta with Port ---- - -import ScimFunctionality from "/docs/sso-rbac/sso-providers/_scim_functionality_list.mdx" -import ScimLimitation from "/docs/sso-rbac/sso-providers/oidc/_scim_oidc_limitation.mdx" -import SSOEndpoints from "/docs/generalTemplates/_sso_auth0_endpoints.md" -import DirectUrl from "/docs/generalTemplates/_sso_direct_url.md" - -# Okta - -Follow this step-by-step guide to configure the integration between Port and Okta. - -:::info Contact us -In order to complete the process you will need to contact us, the exact information we need to provide, as well as the information Port requires from you is listed in this doc. -Contact us using chat/Slack/mail to [support.port.io](http://support.port.io/). -::: - -## Port-Okta integration benefits - -- Connect to the Port application via an Okta app. -- Your Okta teams will be synced with Port, automatically upon user sign-in. -- Set granular permissions on Port according to your Okta groups. - -## How to configure the Okta app integration for Port​ - -### Step #1: Create a new Okta application - -1. In the Admin Console, go to Applications -> Applications. -2. Click `Create App Integration`. - - - -3. Create an OIDC app integration. Select **OIDC - OpenID Connect** in the Wizard. - - - -4. Choose **Single-Page application** as your application type. - - - -Click `Next`. - -### Step #2: Configure your Okta application - -Under `General Settings`: - -1. Choose an `app integration name` (a specific name that will appear on your Okta apps). - -2. Under `Grant type` mark all options. - -3. 
Under `Sign-in redirect URIs`, choose the value that matches your Port region: - - - EU organizations: `https://auth.getport.io/login/callback` - - US organizations: `https://auth.us.getport.io/login/callback` - - :::caution Redirect URI must match your region - Using the EU callback for a US-hosted org (or vice versa) causes a 400 error during the Okta sign-in flow. Double-check the value before saving. - ::: - - - The Sign-in redirect URI is where Okta sends the authentication response and ID token for the sign-in request. - -4. Remove the sign-out redirect URIs. - -5. Under `Assignments`: Set `Allow everyone in your organization to access`. - - - - -### Step #3: Configure OIDC settings - -Get your `Okta Domain` by clicking on your user mail at the top-right corner of the Okta management interface, hovering on the okta domain (will be in the format `{YOUR_COMPANY_NAME}.okta.com`) and clicking on `Copy to clipboard`: - - - -Under `General` tab: - -1. Copy the `Client ID` and send it to Port along with the `Okta Domain` from the previous step (using chat/Slack/mail to [support.port.io](http://support.port.io/)). - - - -2. Click on the `Edit` button on the `General Settings` tab. - - 2.1 Set the `Login initiated by` option to `Either Okta or App`: - - - - 2.2 Check all the options in `Application visibility`: - - - - 2.3 Check `Login flow` to be `Redirect to app to initiate login (OIDC Compliant)` - - 2.4 Under `initiate login URI` paste the following URI: - - - - - - - - 2.5 Click `Save` and you’re done! now you’ll have the Port app on your Okta dashboard. - - - - - - - -## How to allow pulling Okta groups to Port - -:::info Optional step -This stage is **OPTIONAL** and is required only if you wish to pull all of your Okta groups into Port inherently. - -**Benefit:** managing permissions and user access on Port. -**Outcome:** for every user that logs in, we will automatically get their associated Okta groups, according to your definition in the settings below. 
-::: - -To allow automatic Okta group support in Port, please follow these steps: - -1. Under the `Application` page, select Port App and go to the `Sign On` tab: - - - -2. Under `OpenID Connect Token` click `Edit`: - - - -3. Add a `Groups claim type` and choose the option `filter`, then: - - 3.1 Value = `groups` - - 3.2 Select the required regex phrase to your needs. - - :::info Importing all groups - To import all groups, insert `Matches regex` with the `.*` value. - ::: - - - - 3.3 Click `Save`. \ No newline at end of file diff --git a/docs/sso-rbac/sso-providers/oidc/onelogin.md b/docs/sso-rbac/sso-providers/oidc/onelogin.md deleted file mode 100644 index 6313975f80..0000000000 --- a/docs/sso-rbac/sso-providers/oidc/onelogin.md +++ /dev/null 
@@ -1,186 +0,0 @@ ---- -title: "Onelogin" -sidebar_position: 3 -description: Integrate Onelogin with Port ---- - -import SSOEndpoints from "/docs/generalTemplates/_sso_auth0_endpoints.md" -import DirectUrl from "/docs/generalTemplates/_sso_direct_url.md" - -# Onelogin - -Follow this step-by-step guide to configure the integration between Port and Onelogin. - -:::info -In order to complete the process you will need to contact Port to deliver and receive information, as detailed in the guide below. -::: - -## Port-Onelogin integration benefits - -- Connect to the Port application via a Onelogin app; -- Your Onelogin roles will be automatically synced with Port, upon user sign-in; -- Set granular permissions on Port according to your Onelogin roles. - -## How to configure the Onelogin app integration for Port​ - -### Step #1: Create a new Onelogin application - -1. In the Admin Console, go to Applications -> Applications. -2. Click `Add App`. - -![Onelogin new application wizard](/img/sso/onelogin/OneloginCreateApp.png) - -3. In the search box type **OpenID Connect**, then select `OpenId Connect (OIDC)`: - -![Onelogin new application OIDC](/img/sso/onelogin/OneloginSelectOidcFromSearch.png) - -4. Define the initial Port application settings: - - 1. `Display Name`: Insert a name of your choice for the Port app, like `Port`. - 2. Add rectangular and square icons (optional): - - ![Port's logo](/img/sso/general-assets/PortLogo.png) - - ![Port's icon](/img/sso/general-assets/PortIcon.png) - -![Onelogin initial new application](/img/sso/onelogin/OneloginInitialApp.png) - -Click `Save`. - -:::tip -Most of the following steps involve editing the initial Port app you created. Keep in mind you can always go back to it by opening the admin console and going to Applications -> Applications, the Port app will appear in the application list. -::: - -### Step #2: Configure your Onelogin application - -In the Port app, go to the `Configuration` menu and follow these steps: - -1. 
Under `Login URL` paste the following login URL: - - - -:::note -We will provide your `{CONNECTION_NAME}` (Contact us using chat/Slack/mail to [support.port.io](http://support.port.io/)). -::: - -2. Under `Redirect URI's` set: `https://auth.getport.io/login/callback`. - - - The Redirect URI is where Onelogin sends the authentication response and ID token for the sign-in request. - -Click `Save`. - -:::warning -Be sure to click save before moving on to the next step because without the `Redirect URI's` filled in, trying to save any other application parameter will result in an error. -::: - -### Step #3: Configure OIDC settings - -In the Port app, go to the `SSO` menu and follow these steps: - -1. Copy the `Client ID` and the `Client Secret` and send it to Port (on the slack channel). - -2. Click on the `Well-known Configuration` Link, and send the page address to Port (its format will be `https://{YOUR_DOMAIN}.onelogin.com/oidc/2/.well-known/openid-configuration`) - -3. Change the Token Endpoint - Authentication Method to `None (PKCE)`: - -![Okta app settings](/img/sso/onelogin/OneloginSSOSetting.png) - -Click `Save`. - -### Step #4: Add `email_verified` custom property to all users - -The use of OpenID requires that Onelogin passes to Port an `email_verified` field upon user login. Onelogin does not store and expose that field by default, so in this step, you are going to configure that field and apply it to all users in your Onelogin account. The steps outlined here can also be found in the [Onelogin documentation](https://developers.onelogin.com/openid-connect/guides/email-verified). - -1. In the Admin Console, go to Users -> Custom User Fields. -2. Click on `New User Field`. -3. Enter the following details: - 1. `Name`: Email Verified - 2. 
`Shortname`: email_verified - -![Onelogin email verified user field](/img/sso/onelogin/OneloginEmailVerifiedUserField.png) - -The custom field is `null` by default, in order to change its value to `true` you will create a custom mapping rule: - -:::note -It is also possible to manually change the value of the `Email Verified` field to `true` for each user that requires access to Port in your organization. However, granting access manually to a large number of users is not scalable. -::: - -:::tip -The mapping specified here will set the value of the `Email Verified` custom field to `true` for every user whose `Status` is `Active` in your Onelogin organization. Feel free to use a different mapping if you seek a specific mapping. -::: - -1. Go to Users -> Mappings -2. Click on `New Mapping` -3. Enter mapping details: - 1. `Name`: Insert a friendly name for the mapping, like `Set Email Verified`; - 2. `Conditions`: Set the condition: - Status - is - Active; - 3. `Actions`: Set the action: Set Email Verified - true. -4. Click `Save`. - -![Onelogin Email Verified Mapping Rule](/img/sso/onelogin/OneloginEmailVerifiedMappingRule.png) - -After creating the mapping rule, go back to Users -> Mappings and click on `Reapply All Mappings`. The new mapping might process for a few minutes before it is applied. You can check the mapping job status either by going to Activity -> Jobs or by looking at a specific user and verifying that it has the `Email Verified` field set to `true` (and not the default empty field). - -### Step #5: Configure OpenID Claims - -In the Port app, go to the `Parameters` menu and follow these steps: - -1. Click on the `+` button; -2. In the form that appears, under `Field Name` write: `openid` and click `save`; -3. In the value drop down that appears, select `OpenID name`. - -Repeat the process two more times and add the following additional parameters: - -1. `Field Name`: email, `Value`: Email -2. 
`Field Name`: email_verified, `Value`: Email Verified (Custom) - -At the end of the process, your `Parameters` section will look like this: - -![Onelogin App Parameters Setting](/img/sso/onelogin/OneloginParametersSetting.png) - -Click `Save`. - -### Step #6: Exposing the application to your organization - -1. In the `Application` page, select the Port app and go to the `Access` menu. -2. In the `Roles` section, select the roles you want to expose the Port app to: - - ![Onelogin Assign App Roles](/img/sso/onelogin/OneloginAssignAppRoles.png) - -3. Click `Save`. - -After completing these steps, users with roles that the Port app was assigned to, will see the Port app in their Portal and upon clicking it, will be logged in to Port: - -[Onelogin Portal With Port App](/img/sso/onelogin/OneloginPortalWithApp.png) - - - ---- - -## How to allow pulling Onelogin roles to Port - -:::note -This stage is **OPTIONAL** and is required only if you wish to pull all of your Onelogin roles into Port inherently. - -**Benefit:** managing permissions and user access on Port. -**Outcome:** for every user that logs in, we will automatically get their associated Onelogin roles, according to your definition in the settings below. -::: - -To allow automatic Onelogin roles support in Port, please follow these steps: - -1. In the `Application` page, select the Port app and go to the `Parameters` menu; - -2. Click on the `Groups` claim: - - ![Onelogin App Parameters Setting](/img/sso/onelogin/OneloginParametersSetting.png) - -3. Update the groups claim: - - 1. Change the value of `Default if no value selected` to `User Roles`; - 2. From the dropdown, select `Semicolon delimited input`: - - ![Onelogin App Groups Claim Setting](/img/sso/onelogin/OneloginGroupsClaim.png) - - 3. Click `Save`. - -4. Click `Save`. diff --git a/docs/sso-rbac/sso-providers/saml/_category_.json b/docs/sso-rbac/sso-providers/saml/_category_.json deleted file mode 100644 index f047448e56..0000000000 
--- a/docs/sso-rbac/sso-providers/saml/_category_.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "label": "SAML", - "position": 1 -} diff --git a/docs/sso-rbac/sso-providers/saml/azure-ad.md b/docs/sso-rbac/sso-providers/saml/azure-ad.md deleted file mode 100644 index 025373b41a..0000000000 --- a/docs/sso-rbac/sso-providers/saml/azure-ad.md +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -title: "Microsoft Entra ID (AzureAD)" -sidebar_position: 1 -description: Integrate Entra ID (AzureAD) with Port using SAML ---- - -import ScimFunctionality from "/docs/sso-rbac/sso-providers/_scim_functionality_list.mdx" -import DirectUrl from "/docs/generalTemplates/_sso_direct_url.md" - -# Entra ID (AzureAD) - -Follow this step-by-step guide to configure the integration between Port and Azure AD using a SAML application - -:::info -In order to complete the process you will need to contact us to receive the information you require, as well as the information Port requires from you. All is elaborated below in the following section. - -::: - -## Port-AzureAd integration benefits - -- Connect to the Port application via an AzureAD app. -- Your AzureAD teams will be automatically synced with Port upon a user sign-in. -- Set granular permissions on Port according to your AzureAD groups. - -## Register a new application and generate the required credentials - -1. Head to your Azure portal and enter the Entra ID portal. -2. Click on `Enterprise Applications` and create a new application. -3. Click on `Create your own application` and select `Integrate any other application you don't find in the gallery (Non-gallery)`. -4. In the getting started section, select the `Set up Single Sign On` button, and choose the SAML method. -5. Edit the Basic SAML Configuration (step 1) and add the following information (Reach out to Port to receive your `{CONNECTION_NAME}` value): - ![AD first step](/img/sso/azure-saml/azure-saml-first-step.png) - * Identifier (Entity ID): `urn:auth0:port-prod:{CONNECTION_NAME}` - * Reply URL (Assertion Consumer Service URL): `https://auth.getport.io/login/callback?connection={CONNECTION_NAME}` - * Logout URL (This is optional): `https://auth.getport.io/logout` - -:::info -The details listed are for organizations hosted in EU. 
- -For US, you will need to use `https://auth.us.getport.io/login/callback?connection={CONNECTION_NAME}` and `https://auth.us.getport.io/logout`. -::: -6. In the `Single sign-on` tab, head to the 2nd section (Attributes & Claims), Click on `Edit` and add a new claim: - - `Name`: `email_verified` - - `Source attribute`: `user.accountenabled` -7. Under `SAML certificates` (step 3), Click the Edit button to expand the certificates section. Click the 3 dot icon next to the Active certificate, and choose `PEM certificate download`. - -Send the **PEM certificate file** along with the **Login URL** (Which can be found in the Single Sign-on section, Card 4 (Set up)) to Port. - - ![AD first third](/img/sso/azure-saml/azure-saml-third-step.png) - -After that, Port will provide you with a metadata XML file for your connection. - -At the top of the SAML configuration page, click on the `upload metadata file` button and upload the file provided to you by Port to complete the connection configuration. - - - -## Expose groups - -In order to expose your Azure groups to Port via the application, do the following: -1. Head to the `Single sign on` section in the application configuration, and edit the `Attributes & Claims`. -2. Press the `Add a group claim` button -3. Select `Groups assigned to the application` and in the source attribute select `Cloud-only group display names`. -4. Assign the relevant groups you want to expose to the application, these will be ingested into Port as teams you can use to manage user permissions and RBAC in your Port account. - -Alternatively, if you are syncing your groups from an on-prem AD into Entra, configure the group claim like so (sAMAccountName as source attribute, and box checked): - - - - diff --git a/docs/sso-rbac/sso-providers/saml/google-workspace.md b/docs/sso-rbac/sso-providers/saml/google-workspace.md deleted file mode 100644 index 7df0f19ceb..0000000000 --- a/docs/sso-rbac/sso-providers/saml/google-workspace.md +++ /dev/null 
@@ -1,171 +0,0 @@ ---- -title: "Google Workspace" -sidebar_position: 4 -description: Integrate Google Workspace with Port using SAML ---- - -import Image from "@theme/IdealImage"; -import webAndMobile from "/static/img/sso/google-workspace/webAndMobile.png" -import addSamlApp from "/static/img/sso/google-workspace/addSamlApp.png" -import appNameAndIcon from "/static/img/sso/google-workspace/appNameAndIcon.png" -import urlAndCert from "/static/img/sso/google-workspace/urlAndCert.png" -import ACSandEntity from "/static/img/sso/google-workspace/ACSandEntity.png" -import SSOandCert from "/static/img/sso/google-workspace/SSOandCert.png" -import attributeMapping from "/static/img/sso/google-workspace/attributeMapping.png" -import userAccessInApp from "/static/img/sso/google-workspace/userAccessInApp.png" -import turnAccessOn from "/static/img/sso/google-workspace/turnAccessOn.png" -import loginUsingApp from "/static/img/sso/google-workspace/loginUsingApp.png" -import acsURLandEntityID from "/static/img/sso/google-workspace/acsURLandEntityID.png" -import DirectUrl from "/docs/generalTemplates/_sso_direct_url.md" - -# Google Workspace - -Follow this step-by-step guide to configure the integration between Port and Google Workspace. - -:::info -In order to complete the process you will need to contact us to receive the information you require, as well as the information Port requires from you. All is elaborated below. - -::: - -## Port-Google Workspace integration benefits - -- Connect to the Port application via your Google Workspace Application. -- Your Google Workspace teams will be automatically synced with Port upon a user sign-in. -- Set granular permissions on Port according to your Google Workspace groups. - -## Create your Google Workspace application - -1. In the [Google Admin Console](https://admin.google.com/), in the sidebar menu, navigate to **Apps** -> **Web and mobile apps**: - -
- - - -
- -
- -2. Click on `Add app` followed by `Add custom SAML app`: - -
- - - -
- -
- -3. Define the initial Port application settings: - - 1. `App name`: Insert a name of your choice for the Port app, like `Port`. - 2. Add an `App icon` (optional): - -
- Port Logo - - ![Port's logo](/img/sso/general-assets/PortIcon.png) - -
- - 3. Press `Continue` - -
- - - -
- -
- -4. Take note of the following: - 1. Your `SSO URL`; - 2. Your `Certificate`. - -
- - - -
- -
- -Pass these to Port.
- -Press `Continue`. - -5. Configure your new application as shown below: - -- `ACS URL` - `https://auth.getport.io/login/callback?connection={CONNECTION_NAME}` -- `Entity ID` - `urn:auth0:port-prod:{CONNECTION_NAME}` - -:::note -We will provide your `{CONNECTION_NAME}` (Contact us using chat/Slack/mail to [support.port.io](http://support.port.io/)). -::: - -Press `Continue` - -
- - - -
- -
- -6. Create the following mappings (email_verified needs to be a constant for all users, with the value `true` ): - -_Google Directory attributes_: - -- **`Primary email`** -> `email` -- **`First name`** -> `name` -- **`email_verified`** -> `email_verified` - -_Google membership_ (optional): This mapping is only relevant if you wish to pass groups to Port. - -- **`Google Groups`**(list) -> `groups` - -Press `Finish` - -
- - - -
- -
- -7. Specify permissions to the application: - -After creating the app, you need to set up permissions for who has access to this application. - -Navigate to your your new application's page, and click **User access**: - -
- - - -
- -
- -Then choose from the left side menu, either to enable the app for `Everyone`, for `Groups` or for `Organizational units`. - -Make sure that for any of the options you would like to enable the app for, you check the `ON` checkbox: - -
- - - -
- -
- -7. Log in with using your new Google app: - -
- - - -
- - diff --git a/docs/sso-rbac/sso-providers/saml/jumpcloud.md b/docs/sso-rbac/sso-providers/saml/jumpcloud.md deleted file mode 100644 index 52d8ae810a..0000000000 --- a/docs/sso-rbac/sso-providers/saml/jumpcloud.md +++ /dev/null @@ -1,171 +0,0 @@ ---- -title: "JumpCloud" -sidebar_position: 3 -description: Integrate JumpCloud with Port using SAML ---- - -import DirectUrl from "/docs/generalTemplates/_sso_direct_url.md" - -# JumpCloud - -Follow this step-by-step guide to configure the integration between Port and JumpCloud. - -:::info -In order to complete the process you will need to contact Port to deliver and receive information, as detailed in the guide below. -::: - -## Port-JumpCloud integration benefits ​ - -- Connect to the Port application via a JumpCloud app; -- Your JumpCloud teams will be automatically synced with Port, upon user sign-in; -- Set granular permissions on Port according to your JumpCloud user groups. - -## How to configure the JumpCloud app integration for Port​ - -### Step #1: Create a new JumpCloud application - -1. In the Admin Portal, go to User Authentication -> SSO. -2. Click `Add New Application`. - -![JumpCloud new application wizard](/img/sso/jumpcloud/JumpcloudAddApplication.png) - -3. In the search box type **Auth0**: - -![JumpCloud new application](/img/sso/jumpcloud/JumpcloudAuth0Search.png) - -4. Define the initial Port application settings: - - 1. `Display Label`: Insert a name of your choice for the Port app, like `Port`. - 2. Add an icon (optional): - -
- Port Logo - - ![Port's logo](/img/sso/general-assets/PortLogoLarge.png) - -
- - 3. **(Optional)** In the SSO tab, change the default IDP URL suffix. - ![JumpCloud initial new application](/img/sso/jumpcloud/JumpcloudNewSSO.png) - -Click `activate`. - -5. Click on the newly created application. - - 1. Download the IDP Certificate: - ![Jumpcloud download certificate](/img/sso/jumpcloud/JumpcloudDownloadCert.png) - - 2. Copy the `IDP URL` from the SSO tab - ![Jumpcloud IDP URL](/img/sso/jumpcloud/JumpcloudIDPUrl.png) - -6. Via chat/Slack/mail to [support.port.io](http://support.port.io/), provide Port with the downloaded `certificate.pem` file, and the copied `IDP URL`. - -:::note -After providing the `certificate.pem` file and the the `IDP URL` to Port, you will be provided with you with your `{CONNECTION_NAME}`. Replace the following occurrences with the provided value. -::: - -:::tip -Most of the following steps involve editing the initial Port app you created. Keep in mind you can always go back to it by opening the admin console and going to User Authentication -> SSO, the Port app will appear in the application list. -::: - -### Step #2: Configure your JumpCloud application - -In the Port app, go to the `SSO` menu and follow these steps: - -1. Under `IdP Entity ID:` paste the following URL: `https://auth.getport.io` - -2. Under `SP Entity ID:` set: `urn:auth0:port-prod:{CONNECTION_NAME}`. - -3. Under `ACS URLs`, set: `https://auth.getport.io/login/callback?connection={CONNECTION_NAME}` - -![Jumpcloud SSO configuration](/img/sso/jumpcloud/JumpcloudConfigureSSO.png) - -Click `Save`. - -### Step #3: Add user attributes to the app configuration - -The `family_name` and `given_name` attributes are required. These are used by Port to show the full name of a logged in user. To create these attributes follow these steps: - -:::note -The `email` user attribute is created by default when creating the app. -Make sure the switch next to the `email` field is set to `on`. -::: - -1. 
In the Port app, go to the `SSO` tab, under the **User Attribute Mapping** section: -2. Click on `add attribute`. -3. Set the `Service Provider Attribute Name` to `given_name` -4. In the `Value` field enter the value: `firstname` -5. Click on `add attribute` again. -6. Set the `Service Provider Attribute Name` to `family_name` -7. In the `Value` field enter the value: `lastname` - -![JumpCloud user attributes](/img/sso/jumpcloud/JumpcloudAttributes.png) - - -### Step #4: Add `email_verified` constant attribute to the Port App - -The use of Auth0 requires that JumpCloud passes to Port an `email_verified` field upon user login. JumpCloud does not store and expose that field by default, so in this step, you are going to configure that field and apply it to all users in your JumpCloud account. - -1. In the Port app, go to the `SSO` tab, under the **Constant Attributes** section: -2. Click on `add attribute`. -3. Set the `Service Provider Attribute Name` to `email_verified` -4. In the `Value` field enter the value: `true` - -![JumpCloud email verified attribute](/img/sso/jumpcloud/JumpCloudEmailVerified.png) - -:::note -It is also possible to manually change the value of the `email_verified` field to `true` for each user that requires access to Port in your organization. However, granting access manually to a large number of users is not scalable. -::: - -### Step #5: Exposing the application to your organization - -1. In the Port app, go to the `User Groups` tab. -2. Select the user groups you want to expose the Port app to: - - ![JumpCloud add user groups](/img/sso/jumpcloud/JumpcloudAddUserGroups.png) - -3. Click `Save`. 
- -After completing these steps, users with roles that the Port app was assigned to, will see the Port app in their Portal and upon clicking it, will be logged in to Port: - -![JumpCloud Portal With Port App](/img/sso/jumpcloud/JumpcloudPortApplication.png) - - - ---- - -## How to allow pulling JumpCloud Groups to Port - -:::note -This stage is **OPTIONAL** and is required only if you wish to pull all of your JumpCloud Groups into Port inherently. - -**Benefit:** managing permissions and user access on Port. -**Outcome:** for every user that logs in, we will automatically get their associated JumpCloud Groups, according to your definition in the settings below. -::: - -To allow automatic Groups Groups support in Port, please follow these steps: - -1. In the Port app, go to the `SSO` tab, under the **Group Attributes** section - -2. Check the `include group attributes` box - -3. Set the group attributes' name: `memberOf` - -![JumpCloud Group configuration](/img/sso/jumpcloud/JumpcloudGroupConfig.png) - -4. Click `Save`. - - - \ No newline at end of file diff --git a/docs/sso-rbac/sso-providers/saml/okta.md b/docs/sso-rbac/sso-providers/saml/okta.md deleted file mode 100644 index f6556789d0..0000000000 --- a/docs/sso-rbac/sso-providers/saml/okta.md +++ /dev/null 
@@ -1,114 +0,0 @@ ---- -title: "Okta (SAML)" -sidebar_position: 2 -description: Integrate Okta with Port using SAML ---- - -import ScimFunctionality from "/docs/sso-rbac/sso-providers/_scim_functionality_list.mdx" -import DirectUrl from "/docs/generalTemplates/_sso_direct_url.md" - -# Okta - -Follow this step-by-step guide to configure the integration between Port and Okta using a SAML application. - -:::info Port support -To complete the process, you will need to contact us to receive the necessary information and provide the details Port requires from you. - -The Port team will provide you with your `CONNECTION_NAME`, which will be used in the SSO application's configuration. -::: - -## Port-Okta integration benefits - -- Connect to the Port application via an Okta app. -- Your Okta groups will be automatically synced with Port upon a user sign-in. -- Set granular permissions on Port according to your Okta groups. - -## Register a new application and generate the required credentials - -1. Sign in to your Okta Admin Console. - -2. Navigate to `Applications` and click on `Applications` again. - -3. Click on the `Create App Integration` button. - -4. In the pop-up, select `SAML 2.0` and click on `Next`. - -5. In the `General Settings`, enter a name for the application and click on `Next`. - -6. On the `Configure SAML` page, under `SAML Settings`, you will need to fill in some details: - - **Single sign on URL**: `https://auth.getport.io/login/callback?connection={CONNECTION_NAME}` - - **Audience URI (SP Entity ID)**: `urn:auth0:port-prod:{CONNECTION_NAME}` - -7. Scroll down to the `Attribute Statements (Optional)` section and add the following: - - `email`, with the `Value` set to `user.email` - - `given_name`, with the `Value` set to `user.firstName` - - `family_name`, with the `Value` set to `user.lastName` - - `email_verified`, with the `Value` set to `true` - -8. Click `Next` and then `Finish` to create the application. 
- -## Generate a Certificate and Send to Port - -To secure the SAML integration, you need to generate a certificate and send it to Port: - -1. In the Okta Admin Console, navigate to `Applications`, and select the newly created SAML application. - -2. Go to the `Sign On` tab and scroll down to the `SAML Signing Certificates` section. - -3. Click on `Generate new certificate`. - -4. In the dialog, specify the certificate details such as the name and duration, then click `Generate`. - -5. After generating the certificate, download it by clicking on the `Actions` button next to the new certificate and selecting `Download certificate`. Choose the `PEM` format. - -6. Send the **PEM certificate file** along with the **Identity Provider metadata URL** (available in the `Sign On` tab) to Port. - - - -## Expose Groups - -To expose your Okta groups to Port via the application, follow these steps: - -1. In the `General` tab of your Okta application, click `Edit`. - -2. Scroll down to the `Group Attribute Statements` section. - -3. Add a group attribute using the following settings: - - **Name**: `groups` - - **Filter**: `Regex` - - **Value**: Use a regular expression that matches the groups you wish to send to Port (e.g., `.*` for all groups or a specific pattern). - -4. Save your changes. - -These groups will be ingested into Port as teams, enabling you to manage user permissions and RBAC in your Port account. - - \ No newline at end of file diff --git a/docs/sso-rbac/sso-providers/saml/saml.md b/docs/sso-rbac/sso-providers/saml/saml.md deleted file mode 100644 index f8f618b5cb..0000000000 --- a/docs/sso-rbac/sso-providers/saml/saml.md +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -title: "SAML" -sidebar_position: 1 -description: Integrate any SSO with Port using SAML application ---- - - - -import DocCardList from '@theme/DocCardList'; - -This documentation will describe the process of integrating a SAML application with Port, along with some examples for specific identity providers. - -In order to integrate Port with a SAML SSO application, you will need to do the following: - -1. Create a new SAML application in your identity provider. -2. Share with us the following information about your SSO application: X509 certificate (`.pem` file) and Signin URL (as defined in the application). -3. Port will provide you with a metadata XML file that you can upload in the SAML application to complete the connection. -4. Update the application with the following attributes (Port expects the IdP to send the following attributes and their values in the authentication request, for example: `firstname` is the attribute in the IdP provider, and `given_name` is the key Port expects to receive that data in the authorization mapping): - - User attribute mappings - `target attribute name (Port)`: `source attribute name (SSO app)`: - - `email`: `email` - - `given_name`: `firstname` - - `family_name`: `lastname` - - Constant attributes: - - `email_verified`: `true` - -If your login provider does not support metadata files, use the following information: - -- IdP EntityID: `https://auth.getport.io` -- SP EntityID: The EntityDescriptor field in the XML, looks like : `urn:auth0:port-prod:{CONNECTION_NAME}` where the `{CONNECTION_NAME}` is the connection name as provided to you by Port. -- callback URL: The AssertionConsumerService binding field in the XML, looks like: `https://auth.getport.io/login/callback?connection={CONNECTION_NAME}` where the `{CONNECTION_NAME}` is the connection name as provided to you by Port. - - - - \ No newline at end of file 
diff --git a/docs/sso-rbac/sso-providers/sso-providers.md b/docs/sso-rbac/sso-providers/sso-providers.md deleted file mode 100644 index ed8fdebf8d..0000000000 --- a/docs/sso-rbac/sso-providers/sso-providers.md +++ /dev/null @@ -1,9 +0,0 @@ -# SSO providers - -import DocCardList from '@theme/DocCardList'; - -Port offers several SSO integrations, allowing you to easily assign permissions and roles using your users and teams. - -In order to get started with our SSO integrations, select the one you are currently using from the list below: - - diff --git a/docs/sso-rbac/users-and-teams/manage-users-teams.md b/docs/sso-rbac/users-and-teams/manage-users-teams.md index 653e9d685c..ada067349b 100644 --- a/docs/sso-rbac/users-and-teams/manage-users-teams.md +++ b/docs/sso-rbac/users-and-teams/manage-users-teams.md @@ -34,7 +34,7 @@ There are several ways to manage users and teams in Port: - Via the [Users & Teams page](https://app.getport.io/settings/users) in your portal. This page allows you to view/delete/invite users, assign roles, and manage teams. - Via Port's [API](https://docs.getport.io/api-reference/get-all-users-in-your-organization). -- By integrating with your [identity provider (IdP)](/sso-rbac/sso-providers/) to sync users and teams from your organization. +- By integrating with your [identity provider (IdP)](/sso-rbac/self-serve-sso) to sync users and teams from your organization. ## Roles & permissions diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 053eb59547..2690c4a64b 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -90,7 +90,7 @@ In any case, after 7 days you will need to login again.
Answer (click to expand) -1. Set up the Application in your SSO dashboard. You can find the documentation for each supported provider [here](https://docs.port.io/sso-rbac/sso-providers/). +1. Set up the application in your SSO dashboard by following the [manage your SSO connection](/sso-rbac/self-serve-sso) documentation. 2. Reach out to us with the required credentials in order to complete the set up. 3. After completing the set up, Port will provide you with the `CONNECTION_NAME`. Head back to the documentation and replace it where needed. diff --git a/static/img/sso/self-serve/sso-connection-ready.png b/static/img/sso/self-serve/sso-connection-ready.png new file mode 100644 index 0000000000..c132946725 Binary files /dev/null and b/static/img/sso/self-serve/sso-connection-ready.png differ diff --git a/static/img/sso/self-serve/sso-status-failed.png b/static/img/sso/self-serve/sso-status-failed.png new file mode 100644 index 0000000000..07f4f81993 Binary files /dev/null and b/static/img/sso/self-serve/sso-status-failed.png differ diff --git a/static/img/sso/self-serve/sso-status-pending.png b/static/img/sso/self-serve/sso-status-pending.png new file mode 100644 index 0000000000..246ce23374 Binary files /dev/null and b/static/img/sso/self-serve/sso-status-pending.png differ diff --git a/static/img/sso/self-serve/sso-status-success.png b/static/img/sso/self-serve/sso-status-success.png new file mode 100644 index 0000000000..0733c6e130 Binary files /dev/null and b/static/img/sso/self-serve/sso-status-success.png differ
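Review bot: In the deleted `docs/sso-rbac/sso-providers/saml/azure-ad.md`, the `:::info` block is the only place in this hunk that gives the US-region endpoints (`https://auth.us.getport.io/login/callback?connection={CONNECTION_NAME}` and `https://auth.us.getport.io/logout`), so please confirm that `/sso-rbac/self-serve-sso` states the region-specific values before this page goes away. Otherwise a US-hosted organization has nothing telling it not to use the EU reply URL. The same hunk maps `email_verified` to `user.accountenabled`; if that mapping is carried over, the new page should say that it marks every enabled account as verified rather than reflecting a verified mailbox.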
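Review bot: The deleted `docs/sso-rbac/sso-providers/saml/okta.md` (and `azure-ad.md`) import `ScimFunctionality` from `/docs/sso-rbac/sso-providers/_scim_functionality_list.mdx`, a partial that lives inside the directory this patch is emptying. Please check whether that partial is removed or moved in the same change and that no remaining page still imports it from the old path, since a dangling MDX import fails the docs build. The same check applies to `DirectUrl` from `/docs/generalTemplates/_sso_direct_url.md`, which loses several of its consumers here and may now be unused.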
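Review bot: The deleted `docs/sso-rbac/sso-providers/saml/saml.md` is where the generic fallback values for identity providers without metadata-file support are documented (IdP EntityID `https://auth.getport.io`, SP EntityID `urn:auth0:port-prod:{CONNECTION_NAME}`, callback URL `https://auth.getport.io/login/callback?connection={CONNECTION_NAME}`) together with the required attribute mappings (`email`, `given_name`, `family_name`, constant `email_verified`). Please confirm the self-serve page keeps an equivalent reference, because administrators of providers not covered by a dedicated guide relied on this list to fill in the SP side by hand.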
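Review bot: Removing `docs/sso-rbac/sso-providers/sso-providers.md` and the provider pages under it retires every `/sso-rbac/sso-providers/...` URL, and the visible part of this patch adds no redirect for them. The old `docs/troubleshooting.md` line linked to `https://docs.port.io/sso-rbac/sso-providers/` as an absolute URL, so links of that form are likely to exist outside this repository as well. I would add redirects from `/sso-rbac/sso-providers` and its children to `/sso-rbac/self-serve-sso` in the same change so that bookmarked setup instructions do not end on a 404 in the middle of an SSO rollout.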
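Review bot: In the `docs/troubleshooting.md` hunk, step 1 now sends the reader to the self-serve page, but the unchanged steps 2 and 3 still say to reach out to Port with the required credentials and wait to be given the `CONNECTION_NAME`. If the self-serve flow lets the administrator complete the connection without that exchange, steps 2 and 3 should be rewritten or dropped here; if the exchange is still needed, a short sentence saying so would keep the answer consistent with the page it links to. Whichever applies, the wording should not encourage sending client secrets or certificates over chat when the new flow has a form for them.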