diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml
index 32b599a5022..acf975f7bf8 100644
--- a/src/current/_data/releases.yml
+++ b/src/current/_data/releases.yml
@@ -6888,3 +6888,65 @@
docker_arm_limited_access: false
source: true
previous_release: v23.1.27
+ cloud_only: true
+ cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters'
+ cloud_only_message: >
+ This version is currently available only for select
+ CockroachDB Cloud clusters. To request to upgrade
+ a CockroachDB self-hosted cluster to this version,
+ [contact support](https://support.cockroachlabs.com/hc/requests/new).
+
+- release_name: v24.3.0-alpha.2
+ major_version: v24.3
+ release_date: '2024-10-14'
+ release_type: Testing
+ go_version: go1.22.5
+ sha: 58c475d67e32b75284b4fe293bff82807c3d129d
+ has_sql_only: true
+ has_sha256sum: true
+ mac:
+ mac_arm: true
+ mac_arm_experimental: true
+ mac_arm_limited_access: false
+ windows: true
+ linux:
+ linux_arm: true
+ linux_arm_experimental: false
+ linux_arm_limited_access: false
+ linux_intel_fips: true
+ linux_arm_fips: false
+ docker:
+ docker_image: cockroachdb/cockroach-unstable
+ docker_arm: true
+ docker_arm_experimental: false
+ docker_arm_limited_access: false
+ source: true
+ previous_release: v24.3.0-alpha.1
+
+
+- release_name: v24.3.0-alpha.2
+ major_version: v24.3
+ release_date: '2024-10-14'
+ release_type: Testing
+ go_version: go1.23.2
+ sha: 45b47f90445fdb0e0c8e07df863c3bbe17daa491
+ has_sql_only: true
+ has_sha256sum: true
+ mac:
+ mac_arm: true
+ mac_arm_experimental: true
+ mac_arm_limited_access: false
+ windows: true
+ linux:
+ linux_arm: true
+ linux_arm_experimental: false
+ linux_arm_limited_access: false
+ linux_intel_fips: true
+ linux_arm_fips: false
+ docker:
+ docker_image: cockroachdb/cockroach-unstable
+ docker_arm: true
+ docker_arm_experimental: false
+ docker_arm_limited_access: false
+ source: true
+ previous_release: v24.3.0-alpha.1-218-g58c475d67e3
diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.1.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.1.md
index ddf7e7e4e0b..547e49fa121 100644
--- a/src/current/_includes/releases/v24.3/v24.3.0-alpha.1.md
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.1.md
@@ -22,9 +22,8 @@ Release Date: October 9, 2024
- CockroachDB will now avoid [logging]({% link v24.3/logging.md %}) unnecessary stack traces while executing [scheduled jobs]({% link v24.3/show-jobs.md %}). [#129846][#129846]
- Upgrading to 24.3 is blocked if no [license]({% link v24.3/licensing-faqs.md %}) is installed, or if a trial/free license is installed with telemetry disabled. [#130576][#130576]
-- Changed the license `cockroach` is distributed under to the new CockroachDB Software License. [#131661][#131661]
- Attempting to install a second Enterprise trial license on the same cluster will now fail. [#131422][#131422]
-- Changed the license `cockroach` is distributed under to the new CockroachDB Software License (CSL). [#131690][#131690] [#131686][#131686] [#131688][#131688] [#131687][#131687] [#131717][#131717] [#131689][#131689] [#131693][#131693] [#131691][#131691] [#131777][#131777] [#131778][#131778]
+- Changed the license `cockroach` is distributed under to the new CockroachDB Software License (CSL). [#131690][#131690] [#131686][#131686] [#131688][#131688] [#131687][#131687] [#131717][#131717] [#131689][#131689] [#131693][#131693] [#131691][#131691] [#131777][#131777] [#131778][#131778] [#131661][#131661]
{{ site.data.products.enterprise }} edition changes
@@ -38,9 +37,9 @@ Release Date: October 9, 2024
{% include_cached copy-clipboard.html %}
~~~ sql
- # TYPE DATABASE USER ADDRESS METHOD OPTIONS
- # Allow all users to connect to using LDAP authentication with search and bind host all all all ldap ldapserver=ldap.example.com ldapport=636 "ldapbasedn=ou=users,dc=example,dc=com" "ldapbinddn=cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid "ldapsearchfilter=(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)" "ldapgrouplistfilter=(objectClass=groupOfNames)"
- # Fallback to password authentication for the root user
+ # TYPE DATABASE USER ADDRESS METHOD OPTIONS
+ # Allow all users to connect to using LDAP authentication with search and bind host all all all ldap ldapserver=ldap.example.com ldapport=636 "ldapbasedn=ou=users,dc=example,dc=com" "ldapbinddn=cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid "ldapsearchfilter=(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)" "ldapgrouplistfilter=(objectClass=groupOfNames)"
+ # Fallback to password authentication for the root user
host all root 0.0.0.0/0 password
~~~
@@ -48,7 +47,7 @@ Release Date: October 9, 2024
{% include_cached copy-clipboard.html %}
~~~ sql
- SET cluster setting server.host_based_authentication.configuration = 'host all all all ldap ldapserver=azure.dev ldapport=636 "ldapbasedn=OU=AADDC Users,DC=azure,DC=dev" "ldapbinddn=CN=Some User,OU=AADDC Users,DC=azure,DC=dev" ldapbindpasswd=my_pwd ldapsearchattribute=sAMAccountName "ldapsearchfilter=(memberOf=CN=azure-dev-domain-sync-users,OU=AADDC Users,DC=crlcloud,DC=dev)" "ldapgrouplistfilter=(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=crlcloud,DC=dev)"
+ SET cluster setting server.host_based_authentication.configuration = 'host all all all ldap ldapserver=azure.dev ldapport=636 "ldapbasedn=OU=AADDC Users,DC=azure,DC=dev" "ldapbinddn=CN=Some User,OU=AADDC Users,DC=azure,DC=dev" ldapbindpasswd=my_pwd ldapsearchattribute=sAMAccountName "ldapsearchfilter=(memberOf=CN=azure-dev-domain-sync-users,OU=AADDC Users,DC=crlcloud,DC=dev)" "ldapgrouplistfilter=(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=crlcloud,DC=dev)"
host all root 0.0.0.0/0 password';
~~~
@@ -116,7 +115,7 @@ Release Date: October 9, 2024
`kvadmission.flow_controller.regular_requests_errored` | `kvflowcontrol.eval_wait.regular.requests.errored`
`kvadmission.flow_controller.elastic_requests_errored` | `kvflowcontrol.eval_wait.elastic.requests.errored`
`kvadmission.flow_controller.regular_requests_bypassed` | `kvflowcontrol.eval_wait.regular.requests.bypassed`
- `kvadmission.flow_controller.elastic_requests_bypassed` | `kvflowcontrol.eval_wait.elastic.requests.bypassed`
+ `kvadmission.flow_controller.elastic_requests_bypassed` | `kvflowcontrol.eval_wait.elastic.requests.bypassed`
`kvadmission.flow_controller.regular_wait_duration` | `kvflowcontrol.eval_wait.regular.duration`
`kvadmission.flow_controller.elastic_wait_duration` | `kvflowcontrol.eval_wait.elastic.duration`
@@ -343,4 +342,4 @@ Release Date: October 9, 2024
[#131717]: https://github.com/cockroachdb/cockroach/pull/131717
[#131777]: https://github.com/cockroachdb/cockroach/pull/131777
[#131778]: https://github.com/cockroachdb/cockroach/pull/131778
-[#93067]: https://github.com/cockroachdb/cockroach/pull/93067
\ No newline at end of file
+[#93067]: https://github.com/cockroachdb/cockroach/pull/93067
diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
new file mode 100644
index 00000000000..fa00bc61c4e
--- /dev/null
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
@@ -0,0 +1,94 @@
+## v24.3.0-alpha.2
+
+Release Date: October 14, 2024
+
+{% include releases/new-release-downloads-docker-image.md release=include.release %}
+
+Security updates
+
+- The parameters for an [HBA config entry]({% link v24.3/security-reference/authentication.md %}#hba-configuration-syntax) for LDAP are now validated when the entry is created or amended, in addition to the validation that happens during an authentication attempt. [#132086][#132086]
+
+- Added automatic cleanup and validation for [default privileges]({% link v24.3/security-reference/authorization.md%}#default-privileges) that reference dropped roles after a major-version upgrade to v24.3. [#131782][#131782]
+
+General changes
+
+- Changed the license `cockroach` is distributed under to the new CockroachDB Software License (CSL). [#131799][#131799] [#131794][#131794] [#131793][#131793]
+
+{{ site.data.products.enterprise }} edition changes
+
+- You can now [authenticate to the DB console API]({% link v24.3/ui-overview.md %}#authentication) by supplying a Java Web Token (JWT) as a Bearer token in the Authorization header. [#130779][#130779]
+
+SQL language changes
+
+- To view comments on a type, you can use the new [`SHOW TYPES WITH COMMENT`]({% link v24.3/show-types.md %}#) command. Comments can be added using [`COMMENT ON`]({% link v24.3/comment-on.md %}). [#131183][#131183]
+- You can create or alter a [user-defined function (UDF)]({% link v24.3/user-defined-functions.md %}) or [stored procedure (SP)]({% link v24.3/stored-procedures.md %}) with `[EXTERNAL] SECURITY DEFINER` instead of the default `[EXTERNAL] SECURITY INVOKER`. With `SECURITY DEFINER`, the privileges of the owner are checked when the UDF or SP is executed, rather than the privileges of the executor. The `EXTERNAL` keyword is optional and exists for SQL language conformity. [#129720][#129720]
+
+Operational changes
+
+- The following new [metrics]({% link v24.3/metrics.md %}) show details about [replication]({% link v24.2/architecture/replication-layer.md %}) flow control send queue when the [cluster setting]({% link v24.3/cluster-settings.md %}) `kvadmission.flow_control.enabled` is set to `true` and the cluster setting `kvadmission.flow_control.mode` is set to `apply_to_all`.
+ - `kvflowcontrol.tokens.send.regular.deducted.prevent_send_queue`
+ - `kvflowcontrol.tokens.send.elastic.deducted.prevent_send_queue`
+ - `kvflowcontrol.tokens.send.elastic.deducted.force_flush_send_queue`
+ - `kvflowcontrol.range_controller.count`
+ - `kvflowcontrol.send_queue.bytes`
+ - `kvflowcontrol.send_queue.count`
+ - `kvflowcontrol.send_queue.prevent.count`
+ - `kvflowcontrol.send_queue.scheduled.deducted_bytes`
+ - `kvflowcontrol.send_queue.scheduled.force_flush`
+
+ [#131857][#131857]
+
+- The following ({% link v24.3/metrics.md %}) have been renamed:
+
+ Previous name | New name-
+ -------------------------------------------------|-----------
+ `kvflowcontrol.tokens.eval.regular.disconnected` | `kvflowcontrol.tokens.eval.regular.returned.disconnect`
+ `kvflowcontrol.tokens.eval.elastic.disconnected` | `kvflowcontrol.tokens.eval.elastic.returned.disconnect`
+ `kvflowcontrol.tokens.send.regular.disconnected` | `kvflowcontrol.tokens.send.regular.returned.disconnect`
+ `kvflowcontrol.tokens.send.elastic.disconnected` | `kvflowcontrol.tokens.send.elastic.returned.disconnect`
+
+ [#131857][#131857]
+
+Cluster virtualization changes
+
+- The `_status/ranges/` endpoint on DB Console [Advanced debug pages]({% link v24.3/ui-debug-pages.md %}) is now enabled for non-system virtual clusters, where it returns the ranges only for the tenant you are logged into. For the system virtual cluster, the `_status/ranges/` endpoint continues to return ranges for the specified node across all virtual clusters. [#131100][#131100]
+
+DB Console changes
+
+- Improved performance in the **Databases**, **Tables View**, and **Table Details** sections of the [**Databases page**]({% link v24.3/ui-databases-page.md %}) [#131769][#131769]
+
+Bug fixes
+
+- Fixed a bug where JSON values returned by `cockroach` commands using the `--format=sql` flag were not correctly escaped if they contained double quotes within a string. [#131881][#131881]
+- Fixed an error that could happen if an [aggregate function]({% link v24.3/functions-and-operators.md %}#aggregate-functions) was used as the value in a `SET` command. [#131891][#131891]
+- Fixed a rare bug introduced in v22.2 in which an update of a [primary key]({% link v24.3/primary-key.md %}) column could fail to update the primary index if it is also the only column in a separate column family. [#131869][#131869]
+- Fixed a rare bug where dropping a column of `FLOAT4`, `FLOAT8`, `DECIMAL`, `JSON`, `ARRAY`, or collate `STRING` type stored in a single [column family]({% link v24.3/column-families.md %}) could prevent subsequent reading of the table if the column family was not the first column family. [#131967][#131967]
+- Fixed an `unimplemented` internal error that could occur when ordering by a [`VECTOR`]({% link v24.3/vector.md %}) column. [#131703][#131703]
+
+
+
+- Efficiency has been improved when writing string-like values over the PostgreSQL wire protocol. [#131964][#131964]
+- Error handling during periodic table history polling has been improved when the `schema_locked` [table parameter]({% link v24.3/with-storage-parameter.md %}#table-parameters) is not used. [#131951][#131951]
+
+[#129720]: https://github.com/cockroachdb/cockroach/pull/129720
+[#130779]: https://github.com/cockroachdb/cockroach/pull/130779
+[#131183]: https://github.com/cockroachdb/cockroach/pull/131183
+[#131703]: https://github.com/cockroachdb/cockroach/pull/131703
+[#131714]: https://github.com/cockroachdb/cockroach/pull/131714
+[#131769]: https://github.com/cockroachdb/cockroach/pull/131769
+[#131782]: https://github.com/cockroachdb/cockroach/pull/131782
+[#131793]: https://github.com/cockroachdb/cockroach/pull/131793
+[#131794]: https://github.com/cockroachdb/cockroach/pull/131794
+[#131799]: https://github.com/cockroachdb/cockroach/pull/131799
+[#131805]: https://github.com/cockroachdb/cockroach/pull/131805
+[#131827]: https://github.com/cockroachdb/cockroach/pull/131827
+[#131857]: https://github.com/cockroachdb/cockroach/pull/131857
+[#131869]: https://github.com/cockroachdb/cockroach/pull/131869
+[#131881]: https://github.com/cockroachdb/cockroach/pull/131881
+[#131891]: https://github.com/cockroachdb/cockroach/pull/131891
+[#131951]: https://github.com/cockroachdb/cockroach/pull/131951
+[#131964]: https://github.com/cockroachdb/cockroach/pull/131964
+[#131967]: https://github.com/cockroachdb/cockroach/pull/131967
+[#132086]: https://github.com/cockroachdb/cockroach/pull/132086
+[#132100]: https://github.com/cockroachdb/cockroach/pull/132100
+[#131100]: https://github.com/cockroachdb/cockroach/pull/131100
diff --git a/src/current/v23.1/sso-sql.md b/src/current/v23.1/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v23.1/sso-sql.md
+++ b/src/current/v23.1/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
docs_area: manage
---
+{% include_cached enterprise-feature.md %}
+
CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
{{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
{{site.data.alerts.end}}
The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section:
diff --git a/src/current/v23.2/sso-sql.md b/src/current/v23.2/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v23.2/sso-sql.md
+++ b/src/current/v23.2/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
docs_area: manage
---
+{% include_cached enterprise-feature.md %}
+
CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
{{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
{{site.data.alerts.end}}
The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section:
diff --git a/src/current/v24.1/sso-sql.md b/src/current/v24.1/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v24.1/sso-sql.md
+++ b/src/current/v24.1/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
docs_area: manage
---
+{% include_cached enterprise-feature.md %}
+
CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
{{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
{{site.data.alerts.end}}
The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section:
diff --git a/src/current/v24.2/cockroachdb-feature-availability.md b/src/current/v24.2/cockroachdb-feature-availability.md
index 95de09e571d..4a601e3912c 100644
--- a/src/current/v24.2/cockroachdb-feature-availability.md
+++ b/src/current/v24.2/cockroachdb-feature-availability.md
@@ -37,6 +37,10 @@ Any feature made available in a phase prior to GA is provided without any warran
### Export metrics to Azure Monitor
[Exporting Metrics to Azure Monitor]({% link cockroachcloud/export-metrics-advanced.md %}?filters=azure-monitor-metrics-export) from a CockroachDB {{ site.data.products.advanced }} cluster hosted on Azure is in limited access. Once the export is configured, metrics will flow from all nodes in all regions of your CockroachDB {{ site.data.products.advanced }} cluster to your chosen cloud metrics sink. To express interest and try it out, contact [Support](https://support.cockroachlabs.com/hc).
+### Cluster SSO backed by LDAP
+
+[Cluster SSO]({% link {{ page.version.version }}/sso-sql.md %}) using an identity stored in LDAP is in Limited Access. The [cluster setting]({% link {{ page.version.version }}/cluster-settings.md %}) `server.auth_log.sql_sessions.enabled`, which logs more details about cluster authentication failures, is also in Limited Access.
+
## Features in preview
{{site.data.alerts.callout_info}}
diff --git a/src/current/v24.2/sso-sql.md b/src/current/v24.2/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v24.2/sso-sql.md
+++ b/src/current/v24.2/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
docs_area: manage
---
+{% include_cached enterprise-feature.md %}
+
CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
{{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
{{site.data.alerts.end}}
The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section:
diff --git a/src/current/v24.3/cockroachdb-feature-availability.md b/src/current/v24.3/cockroachdb-feature-availability.md
index 95de09e571d..4a601e3912c 100644
--- a/src/current/v24.3/cockroachdb-feature-availability.md
+++ b/src/current/v24.3/cockroachdb-feature-availability.md
@@ -37,6 +37,10 @@ Any feature made available in a phase prior to GA is provided without any warran
### Export metrics to Azure Monitor
[Exporting Metrics to Azure Monitor]({% link cockroachcloud/export-metrics-advanced.md %}?filters=azure-monitor-metrics-export) from a CockroachDB {{ site.data.products.advanced }} cluster hosted on Azure is in limited access. Once the export is configured, metrics will flow from all nodes in all regions of your CockroachDB {{ site.data.products.advanced }} cluster to your chosen cloud metrics sink. To express interest and try it out, contact [Support](https://support.cockroachlabs.com/hc).
+### Cluster SSO backed by LDAP
+
+[Cluster SSO]({% link {{ page.version.version }}/sso-sql.md %}) using an identity stored in LDAP is in Limited Access. The [cluster setting]({% link {{ page.version.version }}/cluster-settings.md %}) `server.auth_log.sql_sessions.enabled`, which logs more details about cluster authentication failures, is also in Limited Access.
+
## Features in preview
{{site.data.alerts.callout_info}}
diff --git a/src/current/v24.3/sso-sql.md b/src/current/v24.3/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v24.3/sso-sql.md
+++ b/src/current/v24.3/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
docs_area: manage
---
+{% include_cached enterprise-feature.md %}
+
CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
{{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
{{site.data.alerts.end}}
The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section: