mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-28 16:37:24 +02:00
update Enterprise docs for 0.16.0 (#2993)
* update Enterprise docs for 0.16.0
* Update docs/enterprise/upgrading.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* more docs, plus cross-links

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
parent
825b3cdf0d
commit
ab0b674b80
8 changed files with 93 additions and 2 deletions
|
@ -23,6 +23,12 @@ A list of audiences for verifying signing key
|
|||
|
||||
**Default value:** `[]`
|
||||
|
||||
## authenticate-service-url
|
||||
|
||||
URL for the authenticate service
|
||||
|
||||
**Default value:** `none`
|
||||
|
||||
## bind-addr
|
||||
|
||||
the address to listen on
|
||||
|
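Review bot: In the new `authenticate-service-url` entry, "**Default value:** `none`" is formatted as code, so it reads as the literal string `none`, the same way `[]` reads as a literal in the entry above it. If the option simply has no default, say so in plain text and state whether it is required. The description "URL for the authenticate service" could also say what form the value takes (scheme and host), since the nearby databroker entry shows a full URL as its default.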
@ -55,6 +61,12 @@ the databroker service url
|
|||
|
||||
**Default value:** `http://localhost:5443`
|
||||
|
||||
## debug-config-dump
|
||||
|
||||
dump databroker configuration
|
||||
|
||||
**Default value:** `false`
|
||||
|
||||
## disable-validation
|
||||
|
||||
disable config validation
|
||||
|
|
|
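Review bot: The `debug-config-dump` entry says only "dump databroker configuration" and does not say where the dump goes or whether sensitive values in the configuration are included or redacted. For a debug switch, please document the output destination and the sensitivity of what it emits, so operators can judge whether it is safe to enable outside a test environment. The `false` default is a good choice and worth keeping.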
@ -389,6 +389,47 @@ certificate_key: "$HOME/.acme.sh/*.example.com/*.example.com.key"
|
|||
|
||||
**Note:** Pomerium will check your system's trust/key store for valid certificates first. If your certificate solution imports into the system store, you don't need to also specify them with these configuration keys.
|
||||
|
||||
## Devices
|
||||
|
||||
Introduced in v0.16.0, the **Manage Devices** page lets administrators manage user devices for policy-based authorization.
|
||||
|
||||
|
||||
### Manage Devices
|
||||
|
||||
From this page, administrators can manage new and existing device enrollments.
|
||||
Device enrollment let's you create [policies](/docs/topics/ppl.html#device-matcher) that use [device identity](/docs/topics/device-identity.md).
|
||||
- Users can [self-enroll](/guides/enroll-device.md) devices, which must then be approved in the **Devices List** for policies requiring approved devices.
|
||||
- Administrators can use the **New Enrollment** button to create a link for the user to enroll a device as pre-approved.
|
||||
|
||||
|
||||
### Devices List
|
||||
|
||||
Displays the currently enrolled devices for each user, along with their current approval status.
|
||||
Administrators can inspect, approve, or delete registered devices from this table.
|
||||
|
||||

|
||||
|
||||
|
||||
### New Enrollment
|
||||
|
||||
The **New Enrollment** button allows administrators to create a custom link for a specific user to use to register a new device, which will automatically be approved.
|
||||
This scheme is known as [Trust on First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use).
|
||||
|
||||

|
||||
|
||||
|
||||
#### Search Users
|
||||
|
||||
New Enrollment URLs are only valid for the specified user.
|
||||
|
||||
#### Redirect URL
|
||||
|
||||
**Required**: The URL the user will be taken to after device enrollment is successful.
|
||||
|
||||
#### Enrollment Type
|
||||
|
||||
Specify if the user can enroll any device identity, or restrict it to a [secure enclave](/docs/topics/device-identity.md#secure-enclaves).
|
||||
|
||||
[route-concept]: /enterprise/concepts.md#routes
|
||||
[route-reference]: /enterprise/reference/manage.md#routes
|
||||
[namespace-concept]: /enterprise/concepts.md#namespaces
|
||||
|
|
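Review bot: Under "Manage Devices", "Device enrollment let's you create" should read "lets". In the same sentence, the policies link points to `/docs/topics/ppl.html#device-matcher`, while every other internal link in this hunk uses the `.md` form, so it should be `/docs/topics/ppl.md#device-matcher` for consistency. Because a New Enrollment link registers a device as pre-approved (the TOFU scheme named here), the section would also benefit from stating how long such a link stays valid and whether it can be used more than once. The text currently says only that it is valid for the specified user.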