External Authentication Revamp

[jrafanie]

We need to review and summarize authentication support in podified and appliances, what is done automatically or needs manual configuration (creating groups to match ldap groups and giving correct permissions) and determine if some of the documentation or supported configurations are still relevant.

I couldn't find documentation that, regardless of external authentication type, you'd need to create groups either in ldap (to match internal groups) or internally to match external authentication and configure what permissions this group has.

This line is hidden is hidden in the middle or end of a large page of documentation in multiple places:

In Configure→Configuration→Access Control

Make sure the user’s groups are created on the Appliance and appropriate roles assigned to those groups.

https://www.manageiq.org/docs/reference/latest/auth/openid_connect.html
and https://www.manageiq.org/docs/reference/latest/auth/ldap.html

It seems like we should start with the common steps for all authentication configurations for podified and appliances and then give links to separate documentation for just that specific configuration.

[Fryguy]

I'm thinking we need an https://www.manageiq.org/docs/reference/latest/auth/overview.html page that talks about external authentication in general, what types are supported by which deployments (or perhaps that should be in the capabilities matrix), and this rules about groups being configured properly.

[miq-bot]

This issue has been automatically marked as stale because it has not been updated for at least 3 months.

If you can still reproduce this issue on the current release or on master, please reply with all of the information you have about it in order to keep the issue open.

Thank you for all your contributions! More information about the ManageIQ triage process can be found in the triage process documentation.