Fixes (#38366)

Hesperide · web-flow · commit c306552e58fb · 2024-05-20T21:03:20.000-04:00
diff --git a/docs/enterprise-setup/implementation-guide.md b/docs/enterprise-setup/implementation-guide.md
@@ -105,6 +105,10 @@ stringData:
   instance-admin-email: ## e.g. admin@company.example
   instance-admin-password: ## e.g. password
 
+  # SSO OIDC Credentials
+  client-id: ## e.g. e83bbc57-1991-417f-8203-3affb47636cf
+  client-secret: ## e.g. wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+
   # AWS S3 Secrets
   s3-access-key-id: ## e.g. AKIAIOSFODNN7EXAMPLE
   s3-secret-access-key: ## e.g. wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
@@ -158,10 +162,14 @@ stringData:
   database-user: ## e.g. airbyte
   database-password: ## e.g. password
 
-  # Instance Admin
+  # Instance Admin Credentials
   instance-admin-email: ## e.g. admin@company.example
   instance-admin-password: ## e.g. password
 
+  # SSO OIDC Credentials
+  client-id: ## e.g. e83bbc57-1991-417f-8203-3affb47636cf
+  client-secret: ## e.g. wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+
   # GCP Secrets
   gcp.json: <CREDENTIALS_JSON_BLOB>
 ```
@@ -202,15 +210,62 @@ Follow these instructions to add the Airbyte helm repository:
 
 2. Paste the following into your newly created `values.yaml` file. This is required to deploy Airbyte Self-Managed Enterprise:
 
-```yml
+```yaml
 global:
   edition: enterprise
+```
+
+3. To enable SSO authentication, add instance admin details [SSO auth details](/access-management/sso) to your `values.yaml` file, under `global`. See the [following guide](/access-management/sso#set-up) on how to collect this information for various IDPs, such as Okta and Azure Entra ID.
+
+```yaml
+auth:
+  instanceAdmin:
+    firstName: ## First name of admin user.
+    lastName: ## Last name of admin user.
+  identityProvider:
+    type: oidc
+    secretName: airbyte-config-secrets ## Name of your Kubernetes secret.
+    oidc:
+      domain: ## e.g. company.example
+      app-name: ## e.g. airbyte
+      clientIdSecretKey: client-id
+      clientSecretSecretKey: client-secret
+```
+
+
+
+4. You must configure the public facing URL of your Airbyte instance to your `values.yaml` file, under `global`:
+
+```yaml
+airbyteUrl: # e.g. https://airbyte.company.example
+```
+
+5. Verify the configuration of your `values.yml` so far. Ensure `license-key`, `instance-admin-email` and `instance-admin-password` are all available via Kubernetes Secrets (configured in [prerequisites](#creating-a-kubernetes-secret)). It should appear as follows:
 
-  # This must be set to the public facing URL of your Airbyte instance.
-  airbyteUrl: #https://airbyte.company.example
+<details>
+<summary>Sample initial values.yml file</summary>
+
+```yaml
+global:
+  edition: enterprise
+  airbyteUrl: # e.g. https://airbyte.company.example
+  auth:
+    instanceAdmin:
+      firstName: ## First name of admin user.
+      lastName: ## Last name of admin user.
+    identityProvider:
+      type: oidc
+      secretName: airbyte-config-secrets ## Name of your Kubernetes secret.
+      oidc:
+        domain: ## e.g. company.example
+        app-name: ## e.g. airbyte
+        clientIdSecretKey: client-id
+        clientSecretSecretKey: client-secret
 ```
 
-3. The following subsections help you customize your deployment to use an external database, log storage, dedicated ingress, and more. To skip this and deploy a minimal, local version of Self-Managed Enterprise, [jump to Step 3](#step-3-deploy-self-managed-enterprise).
+</details>
+
+The following subsections help you customize your deployment to use an external database, log storage, dedicated ingress, and more. To skip this and deploy a minimal, local version of Self-Managed Enterprise, [jump to Step 3](#step-3-deploy-self-managed-enterprise).
 
 #### Configuring the Airbyte Database
 
@@ -361,22 +416,6 @@ secretsManager:
 
 </details>
 
-#### Configuring External OIDC Provider (Optional)
-
-To enable SSO authentication, add [SSO auth details](/access-management/sso) to your `values.yaml` file.
-```yaml
-auth:
-  identityProvider:
-    type: oidc
-    oidc:
-      domain: #company.example
-      app-name: #airbyte
-      client-id: #e83bbc57-1991-417f-8203-3affb47636cf
-      client-secret: #$OKTA_CLIENT_SECRET
-```
-
-See the [following guide](/access-management/sso-providers/okta) on how to collect this information for Okta.
-
 #### Configuring Ingress
 
 To access the Airbyte UI, you will need to manually attach an ingress configuration to your deployment. The following is a skimmed down definition of an ingress resource you could use for Self-Managed Enterprise:
