sams: initial page content

sourcegraph · Jan 19, 2024 · 3b4ab09 · 3b4ab09
1 parent 8d64abc
commit 3b4ab09
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/content/departments/engineering/teams/core-services/sams/index.md b/content/departments/engineering/teams/core-services/sams/index.md
@@ -0,0 +1,16 @@
+# Sourcegraph Accounts Managment System (SAMS)
+
+[Sourcegraph Accounts Managment System (SAMS)](https://docs.google.com/document/d/16F6uvfM9EknpcuAQQ8kIPOZ9gHo0Lx4lgprw_5sWJEs/edit) is the centralized accounts system for all of the Sourcegraph-operated systems, it provides:
+
+- Single Sign-On (SSO) experience for users of those systems, and cross-system referenceable user ID.
+- Out-of-the-box machine-to-machine authentication and authorization capabilities.
+
+It is compliant with [OAuth 2](https://oauth.net/2/) and [OIDC](https://openid.net/) protocols but only exposes a subset of the full capabilities for security reasons. In particular, only the following flows are allowed:
+
+- [Authorization Code Flow](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow)
+- [Refresh Token Flow](https://cloudentity.com/developers/basics/oauth-grant-types/refresh-token-flow/)
+- [Client Credentials Flow](https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow)
+
+The [OpenID Discovery](https://accounts.sourcegraph.com/.well-known/openid-configuration) endpoint lays out all the protocol details that a Relay Party / Service Provider needs to know to integrate with SAMS.
+
+## System characteristics