docs: move group management to separate file

ubuntu · Jan 15, 2025 · 903c971 · 903c971
1 parent 3245c73
commit 903c971
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 18 deletions.
diff --git a/docs/.custom_wordlist.txt b/docs/.custom_wordlist.txt
@@ -22,6 +22,7 @@ Kerberos
 keytab
 Keytab
 Keytabs
+linux
 mountpoint
 msentraid
 NFS

diff --git a/docs/assets/gdm-groups.png → docs/assets/entraid-groups.png b/docs/assets/gdm-groups.png → docs/assets/entraid-groups.png
diff --git a/docs/howto/login-gdm.md b/docs/howto/login-gdm.md
@@ -25,24 +25,6 @@ Upon successful authentication, the user is prompted to enter a local password.
 
 ![Prompt to create local password on successful authentication.](../assets/gdm-pass.png)
 
-## Group management
-
-In our example the user `authd test` is a member of the Azure groups `Azure_OIDC_Test` and `linux-sudo`:
-
-![Azure portal interface showing the Azure groups.](../assets/gdm-groups.png)
-
-This translates to the following unix groups on the local machine:
-
-```shell
-~$ groups
-[email protected] sudo azure_oidc_test
-```
-
-There are three types of groups:
-1. **Primary group**: Created automatically based on the user name
-1. **Local group**: Group local to the machine prefixed with `linux-`. For instance if the user is a member of the Azure group `linux-sudo`, they will be a member of the `sudo` group locally.
-1. **Remote group**: All the other Azure groups the user is a member of.
-
 ## Commands
 
 ### authd

diff --git a/docs/reference/group-management.md b/docs/reference/group-management.md
@@ -0,0 +1,30 @@
+# Group management
+
+Groups are used to manage users that all need the same access and permissions to resources.
+Groups from the remote provider can be mapped into local Linux groups for the user.
+
+```{note}
+  Groups are currently supported for the `msentraid` broker.
+```
+
+## MS Entra ID
+
+MS Entra ID supports creating groups and adding users to them.
+
+> See [Manage Microsoft Entra groups and group membership](https://learn.microsoft.com/en-us/entra/fundamentals/how-to-manage-groups)
+
+For example the user `authd test`, is a member of the Entra ID groups `Azure_OIDC_Test` and `linux-sudo`:
+
+![Azure portal interface showing the Azure groups.](../assets/entraid-groups.png)
+
+This translates to the following unix groups on the local machine:
+
+```shell
+~$ groups
+[email protected] sudo azure_oidc_test
+```
+
+There are three types of groups:
+1. **Primary group**: Created automatically based on the user name
+1. **Local group**: Group local to the machine prefixed with `linux-`. For instance if the user is a member of the Azure group `linux-sudo`, they will be a member of the `sudo` group locally.
+1. **Remote group**: All the other Azure groups the user is a member of.
diff --git a/docs/reference/index.md b/docs/reference/index.md
@@ -6,4 +6,5 @@
 :titlesonly:
 
 Troubleshooting <troubleshooting>
+Group Management <group-management>
 ```
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,6 +22,7 @@ Kerberos @@
     keytab
     Keytab
     Keytabs
+    linux
     mountpoint
     msentraid
     NFS
@@ Expand Down @@