From e401c963daa94d77ea1b86ca0d2145012e425246 Mon Sep 17 00:00:00 2001
From: pollfly <75068813+pollfly@users.noreply.github.com>
Date: Sun, 24 Mar 2024 11:04:13 +0200
Subject: [PATCH] Add user management section (#809)

---
 docs/user_management/access_rules.md       | 15 +++++++++++++++
 docs/user_management/admin_vaults.md       | 20 ++++++++++++++++++++
 docs/user_management/identity_providers.md | 15 +++++++++++++++
 docs/user_management/user_groups.md        | 14 ++++++++++++++
 sidebars.js                                |  8 +++++++-
 5 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 docs/user_management/access_rules.md
 create mode 100644 docs/user_management/admin_vaults.md
 create mode 100644 docs/user_management/identity_providers.md
 create mode 100644 docs/user_management/user_groups.md

diff --git a/docs/user_management/access_rules.md b/docs/user_management/access_rules.md
new file mode 100644
index 00000000..db33dd45
--- /dev/null
+++ b/docs/user_management/access_rules.md
@@ -0,0 +1,15 @@
+---
+title: Access Rules
+---
+
+:::important Enterprise Feature
+Access Rules are available under the ClearML Enterprise plan
+:::
+
+Workspace administrators can use Access Rules to specify which users, service accounts and/or [user groups](user_groups.md) 
+have access to various workspace resources: projects, tasks, models, dataviews, hyper-datasets and queues. Admins can 
+specify **Read Only** or **Read & Modify** access to resources. 
+
+Through access rules, administrators can enforce and maintain workspace information security.
+
+For more information see [Access Rules](../webapp/webapp_profile.md#access-rules).
\ No newline at end of file
diff --git a/docs/user_management/admin_vaults.md b/docs/user_management/admin_vaults.md
new file mode 100644
index 00000000..57b523c1
--- /dev/null
+++ b/docs/user_management/admin_vaults.md
@@ -0,0 +1,20 @@
+---
+title: Administrator Vaults
+---
+
+:::important Enterprise Feature
+Administrator Vaults are available under the ClearML Enterprise plan
+:::
+
+Administrators can set configuration for users, [service accounts](../webapp/webapp_profile.md#service-accounts), 
+and [user groups](../webapp/webapp_profile.md#user-groups) within a ClearML workspace by using central configuration 
+stores--or Administrator Vaults.
+
+Administrators can define multiple [configuration vaults](../webapp/webapp_profile.md#configuration-vault) which will 
+each be applied to their designated [user groups](../webapp/webapp_profile.md#user-groups), allowing for custom settings. 
+Configuration vault values are applied to tasks run by members of the designated user groups. When applied, the configuration 
+vaults extend and/or override entries in the local ClearML [configuration file](../configs/clearml_conf.md)
+where a ClearML task is executed.
+
+For more information see [Administrator Vaults](../webapp/webapp_profile.md#administrator-vaults).
+
diff --git a/docs/user_management/identity_providers.md b/docs/user_management/identity_providers.md
new file mode 100644
index 00000000..46fbd8f6
--- /dev/null
+++ b/docs/user_management/identity_providers.md
@@ -0,0 +1,15 @@
+---
+title: Identity Providers
+---
+
+:::important Enterprise Feature
+This feature is available under the ClearML Enterprise plan
+:::
+
+Administrators can seamlessly connect ClearML with their identity service providers to easily implement Single Sign On 
+(SSO). On top of authenticating users, this also allows ClearML to retrieve user information and more. Once an identity 
+provider connection is configured and enabled, the option appears in your server login page.
+
+ClearML supports standard protocols such as OIDC and SAML, and popular providers, including Auth0, Google, Okta, and more.
+
+For more information see [Identity Providers](../webapp/webapp_profile.md#identity-providers).
\ No newline at end of file
diff --git a/docs/user_management/user_groups.md b/docs/user_management/user_groups.md
new file mode 100644
index 00000000..1152ad2c
--- /dev/null
+++ b/docs/user_management/user_groups.md
@@ -0,0 +1,14 @@
+---
+title: User Groups
+---
+
+:::important Enterprise Feature
+User Groups are available under the ClearML Enterprise plan
+:::
+
+Administrators can define user groups, which can be used for access privilege management. User groups facilitate easy 
+configuration and access control administration by allowing administrators to assign administrator vaults and access 
+rules at the group level rather than for each user and/or [service account](../webapp/webapp_profile.md#service-accounts) 
+individually. Administrators have the flexibility to create user groups, and add or remove members as needed.
+
+For more information see [User Groups](../webapp/webapp_profile.md#user-groups)
\ No newline at end of file
diff --git a/sidebars.js b/sidebars.js
index f7b3cdec..ed71b4ee 100644
--- a/sidebars.js
+++ b/sidebars.js
@@ -146,7 +146,13 @@ module.exports = {
             'webapp/webapp_profile']
         },
         {'Configuring ClearML': ['configs/configuring_clearml', 'configs/clearml_conf', 'configs/env_vars']},
-        //'References': ['references/clearml_ref','references/clearml_agent_ref'],
+        {'User Management': [
+            'user_management/user_groups',
+            'user_management/access_rules',
+            'user_management/admin_vaults',
+            'user_management/identity_providers'
+            ]
+        },
         {'ClearML Server': ['deploying_clearml/clearml_server',
             {
                 'Deploying ClearML Server': ['deploying_clearml/clearml_server_aws_ec2_ami', 'deploying_clearml/clearml_server_gcp',