Task t68ak9/add sssso feature documentation

docs/guides/_implementation-guide/plan/prepare-for-building.md

@@ -32,7 +32,7 @@ Read more about roles and permissions [here](https://docs.port.io/sso-rbac/users
 
 ## Configure SSO
 
-Select the relevant [SSO provider](/sso-rbac/sso-providers/) and follow the instructions to set it up.
+Follow the SSO configuration steps in the [manage your SSO connection](/sso-rbac/self-serve-sso) documenation to set it up.
 
 :::info Enterprise feature
 Note that SSO support is an enterprise feature. If you are using the free tier, you can skip this step.

docs/integrations-index.md

@@ -53,7 +53,7 @@ This page contains a list of Port's available integrations, organized by the pla
 ### Azure
 
 - [Azure exporter](/build-your-software-catalog/sync-data-to-catalog/cloud-providers/azure/azure.md)
-- [Azure Active Directory (AD) SSO](/sso-rbac/sso-providers/oidc/azure-ad.md)
+- [Azure Active Directory (AD) SSO](/sso-rbac/self-serve-sso)
 - [Map resource groups, storage groups, compute resources database resources and more](/build-your-software-catalog/sync-data-to-catalog/cloud-providers/azure/resource_templates/resource_templates.md)
 - [Add tags to Azure resources](/guides/all/tag-azure-resource)
 
@@ -320,12 +320,7 @@ This page contains a list of Port's available integrations, organized by the pla
 
 ## SSO
 
-- [Okta SSO](/sso-rbac/sso-providers/oidc/okta.md)
-- [OneLogin SSO](/sso-rbac/sso-providers/oidc/onelogin.md)
-- [JumpCloud SSO](/sso-rbac/sso-providers/saml/jumpcloud.md)
-- [Google workspace SSO](/sso-rbac/sso-providers/saml/google-workspace.md)
-- [Azure Active Directory (AD) SSO OIDC](/sso-rbac/sso-providers/oidc/azure-ad.md)
-- [Azure Active Directory (AD) SSO SAML](/sso-rbac/sso-providers/saml/azure-ad.md)
+- [Manage your SSO connection](/sso-rbac/self-serve-sso)
 
 ## StackHawk
 

docs/security.md

@@ -201,7 +201,7 @@ In addition to password login and social login, multi-factor authentication (MFA
 
 ### Single sign-on (SSO)
 
-Port integrates with all major [SSO providers](/sso-rbac/sso-providers/), allowing you to seamlessly import users and teams, and also exposing Port to your organization in a managed manner.
+Port integrates with all major [SSO providers](/sso-rbac/self-serve-sso), allowing you to seamlessly import users and teams, and also exposing Port to your organization in a managed manner.
 
 Port supports SSO using the OIDC protocol and the SAML 2.0 protocol, and as such supports all modern Identity Providers.
 

docs/sso-rbac/ownership.md

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 4
+sidebar_position: 5
 ---
 
 import Tabs from '@theme/Tabs';

docs/sso-rbac/port-secrets/_category_.json

@@ -1,4 +1,4 @@
 {
   "label": "Port secrets",
-  "position": 4
+  "position": 6
 }

docs/sso-rbac/self-serve-sso.md

@@ -0,0 +1,111 @@
+---
+title: "Manage your SSO connection"
+sidebar_position: 4
+description: Set up and manage SSO for your organization directly from the portal
+---
+
+# Manage your SSO connection
+
+Port allows company admins to configure SSO (Single Sign-On) directly from the portal.  
+This self-serve flow guides you through connecting your identity provider (IdP) to Port.
+
+## Prerequisites
+
+- This feature is available for **enterprise accounts** only.
+- Your account must have migrated to [multi-organization](/sso-rbac/multi-organization).
+- You must be a **company admin** to configure SSO.
+- You need access to your identity provider's admin console to create and configure applications.
+
+## Setup
+
+Follow these steps to configure SSO for your company:
+
+### Step 1: Initiate the SSO setup
+
+1. Go to the [Builder page](https://app.getport.io/settings/data-model) of your portal.
+2. Click on **Organization settings** in the left sidebar.
+3. Navigate to the **SSO** tab.
+4. Click the **Set up SSO connection** button.
+
+:::info URL validity
+A unique SSO setup link will be generated for you, it will be valid for 5 hours after you first open it, or 5 days if you don't open it. You can copy and save the link to complete the setup later.
+:::
+
+### Step 2: Configure your identity provider
+
+After clicking the setup button, you will be guided to configure the SSO connection. The following identity providers are supported:
+
+- Okta
+- Entra ID
+- Keycloak
+- ADFS
+- Google Workspace
+- PingFederate
+- Custom SAML
+- Custom OIDC
+
+The setup process is fully guided by Auth0's self-service assistant, which walks you through each step including creating an application in your IdP, configuring the connection, mapping claims, and testing the SSO integration. For a detailed example walkthrough of the assistant flow, see the [Auth0 Self-Service SSO documentation](https://auth0.com/docs/authenticate/enterprise-connections/self-service-SSO#example-self-service-assistant-flow).
+
+Complete the configuration in your identity provider's admin console following the on-screen instructions.
+
+### Step 3: Monitor the connection status
+
+While configuring your IdP, the Port UI displays the current status of your SSO connection:
+
+| Status indicator | Description |
+| :----------------: | ----------- |
+| <img src="/img/sso/self-serve/sso-status-pending.png" width="50px" border='1px' style={{borderRadius:'6px'}}/> | The setup process is in progress or hasn't been verified yet. |
+| <img src="/img/sso/self-serve/sso-status-success.png" width="50px" border='1px' style={{borderRadius:'6px'}}/> | The SSO connection was successfully created and verified. |
+| <img src="/img/sso/self-serve/sso-status-failed.png" width="50px" border='1px' style={{borderRadius:'6px'}}/> | The SSO connection setup failed. See the [troubleshooting](#troubleshooting) section below for resolution options. |
+
+Once you have completed the configuration in your identity provider, click the **Setup is Done** button in Port to indicate that the process is finished.
+
+## Manage the connection
+
+After the SSO connection is successfully established, you can configure the following options:
+
+<img src="/img/sso/self-serve/sso-connection-ready.png" width="50%" border='1px' style={{borderRadius:'6px'}}/>
+
+1. **Set group filters** - Click `Set Group Filters` to control which IdP groups sync into Port teams. You can use regular expressions (RegEx) to define allowed and blocked group patterns.
+
+   :::info Group filter playground
+   The group filter configuration in Port is a playground for testing your RegEx patterns. It does not modify the actual groups in your IdP - group management should always be done in your identity provider's admin console. Groups that are already synced to Port will appear by default in the playground, allowing you to test how your filters would affect them.
+   :::
+
+2. **Block social login for domains** - Your configured domains are displayed here. You can toggle social login blocking per domain. When enabled for a domain, users with email addresses from that domain must sign in through your SSO provider and cannot use social login methods (such as Google or GitHub sign-in). To add more domains, use `Edit Connection`.
+
+3. **Session settings** - Click `Session Settings` to configure session timeout settings for your SSO users. You can set the following:
+   - **Max session TTL** - The maximum session duration in minutes.
+   - **Idle session TTL** - The idle timeout duration in minutes before a session expires due to inactivity.
+
+4. **Edit connection** - Click `Edit Connection` to open the Auth0 management interface where you can modify your SSO configuration, including adding or managing domains associated with your SSO connection.
+
+## Limitations
+
+- Terraform is not supported for self-serve SSO setup.
+
+## Troubleshooting
+
+If you click `Setup is Done` and encounter an error, use the following table to identify and resolve the issue:
+
+| Error | Cause | Resolution |
+| ----- | ----- | ---------- |
+| Connection not created | The SSO connection was not created successfully. | Click **Start Again** to generate a new setup URL and repeat the configuration process. |
+| Mapping failed | The connection mapping failed. | Click **Edit Connection** to review and fix the configuration. |
+| Linking failed | The SSO provider is connected, but linking to the company in Port failed. | Contact [Port's support team](http://support.port.io/) for assistance. |
+
+## FAQ
+
+<details>
+<summary><b>Can we use multiple SSO providers (e.g., Okta and Azure)? (click to expand)</b></summary>
+
+No. Port supports only one SSO provider per company at a time.
+
+</details>
+
+<details>
+<summary><b>How do we switch providers (e.g., from Okta to Azure)? (click to expand)</b></summary>
+
+You need to **delete** the existing connection and start the setup process from the beginning. There is no migration path between SSO providers.
+
+</details>