SC-5308: extract upstream auth guide

Author: budziam

docs/secure-connections/sauce-connect-5/advanced/security-authentication.md

@@ -83,32 +83,6 @@ Having our own cloud enables us to provide our services faster, and with higher
 
 For an overview of the services offered by Sauce Labs, our methods for securing the transmission of test data and results, and our security policies and procedures, see our white paper, [Overview of Sauce Labs Security Processes](https://saucelabs.com/resources/white-papers/overview-of-sauce-labs-security-processes).
 
-## Authentication Using `--auth`
-
-This approach to authentication works by configuring Sauce Connect Proxy to send authentication details to any URL requesting them. It works for all requests, even those where you're asked for credentials in response to a click or form submission.
-
-For each URL where you need to bypass HTTP authentication, add this to your Sauce Connect Proxy startup command:
-
-```bash
---auth host:port:username:password
-```
-
-If your website doesn't need a port, you can use the default port, `port 80`. Let's say that your website under test is `mysite.com`, your username is `awesometester`, and your password is `supersekrit`. Here's how you'd write your Sauce Connect Proxy startup command:
-
-```bash
---auth mysite.com:80:awesometester:supersekrit
-```
-
-You can use this option multiple times in a row:
-
-```bash
---auth mysite.com:80:awesometester:supersekrit \
---auth myothersite.com:443:awesometester:supersekrit \
---auth mythirdsite.com:80:awesometester:supersekrit
-```
-
-For more information, see [Using Environment Variables for Authentication Credentials](/basics/environment-variables).
-
 ## Certificate Handling
 
 The security of Sauce Connect Proxy communication to both the Sauce Labs API and the virtual machine hosting your tests in the Sauce Labs cloud is managed through [public key certificates](https://en.wikipedia.org/wiki/Public_key_certificate).

docs/secure-connections/sauce-connect-5/guides/upstream-auth.md

@@ -0,0 +1,47 @@
+---
+id: upstream-auth
+title: Sauce Connect Proxy Upstream Authentication
+sidebar_label: Upstream Authentication
+---
+
+Sauce Connect Proxy supports upstream HTTP authentication via the [`--auth`](/dev/cli/sauce-connect-5/run/#auth) flag.
+This flag allows the proxy to automatically send credentials to specified hosts.
+It is necessary when your site under test is protected by basic authentication, and you want Sauce Connect Proxy to handle authentication transparently for you.
+
+## Overview
+
+By using the [`--auth`](/dev/cli/sauce-connect-5/run/#auth) flag, you can instruct Sauce Connect Proxy to send authentication credentials automatically whenever a request matches a specific host and port. This works for:
+
+- Standard HTTP basic authentication prompts.
+- Authentication challenges triggered by clicks or form submissions.
+
+## Usage
+
+To configure Sauce Connect Proxy to send credentials to an upstream server, use the following format:
+
+```bash
+--auth host:port:username:password
+```
+
+### Example
+
+If your application is hosted at `mysite.com` and uses basic authentication with the username `awesometester` and password `supersekrit`, your command would look like this:
+
+```bash
+--auth mysite.com:80:awesometester:supersekrit
+```
+You can also use HTTPS (port `443`) or any other port that your upstream server is listening on.
+
+### Multiple Hosts
+
+You can provide the `--auth` flag multiple times to support multiple upstream hosts:
+
+```bash
+--auth mysite.com:80:awesometester:supersekrit \
+--auth myothersite.com:443:awesometester:supersekrit \
+--auth mythirdsite.com:80:awesometester:supersekrit
+```
+
+## Security Tip
+
+If you're concerned about exposing credentials in the command line (where they can be viewed in process lists), consider using environment variables instead. For more details, see [Using Environment Variables](/secure-connections/sauce-connect-5/guides/configuration/#environment-variables)

sidebars.js

@@ -1039,6 +1039,7 @@ module.exports = {
                                 'secure-connections/sauce-connect-5/guides/ci-cd-integration',
                                 'secure-connections/sauce-connect-5/guides/tunnel-pool',
                                 'secure-connections/sauce-connect-5/guides/sharing-tunnel',
+                                'secure-connections/sauce-connect-5/guides/upstream-auth',
                             ],
                         },
                         {