Feature/11655 saml SCIM limitations

.editorconfig

@@ -0,0 +1,15 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = true
+max_line_length = 80
+ordered_list_item_prefix = 1
+no_multiple_top_level_headings = true
+no_multiple_consecutive_blank_lines = true
+insert_final_newline = true

.gitignore

@@ -5,8 +5,65 @@
 # we rebuild as part of CI/CD deployments, we just don't check-in.
 /resources
 
+### macOS ###
+# General
 .DS_Store
-node_modules
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Source map files
 *.map
 
 # For us Vim folk.
@@ -16,17 +73,43 @@ node_modules
 .idea/
 *.iml
 
+### VisualStudioCode ###
 .vscode
 
+# VScode solution files.
+*.sln
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
 # We use yarn instead of npm. If someone happens to use npm, a
 # package-lock.json file will be created, which is redundant with
 # yarn's yarn.lock file. We ignore package-lock.json to prevent
 # it from being added mistakenly.
 /package-lock.json
 
-# Python's virtual env dir.
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# venv dir
 venv/
 
+# compiled python files
+*.pyc
+*.pyo
+*.pyd
+
 # Ignore the Stencil component bundle.
 /static/js/components.js
 /static/js/components/
@@ -60,5 +143,19 @@ _vendor/
 .doctrees/
 .buildinfo
 
-# VScode solution files.
-*.sln
+### Archive files ###
+*.zip
+*.tar.gz
+*.tar.xz
+*.tar.bz2
+*.tar.lz
+*.7z
+*.rar
+
+### Aider specific ###
+.aider*
+.env
+
+### Devbox specific ###
+# site: https://www.jetify.com/devbox
+.devbox

.prettierignore

@@ -42,4 +42,12 @@ typedoc.json
 origin-bucket-metadata.json
 
 # Ignore js scripts added to the static folder
-static/js
+static/js
+
+# Ignore .devbox
+.devbox
+devbox.json
+
+# Ignore Aider
+.aider*
+.env

assets/css/marketing.css

@@ -1,6 +1,3 @@
-/*!*********************************************************************************************************************************************************************************************************************!*\
-  !*** css ./node_modules/css-loader/dist/cjs.js??ruleSet[1].rules[1].use[1]!./node_modules/postcss-loader/dist/cjs.js!./node_modules/sass-loader/dist/cjs.js??ruleSet[1].rules[1].use[3]!./src/scss/_marketing.scss ***!
-  \*********************************************************************************************************************************************************************************************************************/
 /*! tailwindcss v2.2.15 | MIT License | https://tailwindcss.com */
 
 /*! modern-normalize v1.1.0 | MIT License | https://github.com/sindresorhus/modern-normalize */

assets/js/marketing.js

@@ -1 +0,0 @@
-(()=>{"use strict";var __webpack_modules__={"./src/scss/_marketing.scss":(__unused_webpack_module,__webpack_exports__,__webpack_require__)=>{eval("__webpack_require__.r(__webpack_exports__);\n// extracted by mini-css-extract-plugin\n\n\n//# sourceURL=webpack://theme/./src/scss/_marketing.scss?")},"./src/ts/marketing.ts":(__unused_webpack_module,__webpack_exports__,__webpack_require__)=>{eval('__webpack_require__.r(__webpack_exports__);\n/* harmony import */ var _scss_marketing_scss__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ../scss/_marketing.scss */ "./src/scss/_marketing.scss");\n\n\n\n//# sourceURL=webpack://theme/./src/ts/marketing.ts?')}},__webpack_module_cache__={};function __webpack_require__(_){var e=__webpack_module_cache__[_];if(void 0!==e)return e.exports;var r=__webpack_module_cache__[_]={exports:{}};return __webpack_modules__[_](r,r.exports,__webpack_require__),r.exports}__webpack_require__.r=_=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(_,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(_,"__esModule",{value:!0})};var __webpack_exports__=__webpack_require__("./src/ts/marketing.ts")})();

content/docs/pulumi-cloud/access-management/saml/_index.md

@@ -31,6 +31,8 @@ The [Pulumi Cloud](https://app.pulumi.com) can be configured to work with any SA
 
 If you're a member of a SAML-based Pulumi organization, you can sign in to [your account](/docs/pulumi-cloud/accounts/) via Single Sign-On. To learn about the important aspects of configuring SSO for your IdP, refer to the [SSO page](sso/).
 
+{{< sso-saml-limits-info >}}
+
 ## Integration Guides
 
 If you're looking to integrate Pulumi with your SAML 2.0 identity provider, refer to one of our example guides:

content/docs/pulumi-cloud/access-management/saml/aad.md

@@ -27,6 +27,8 @@ This guide walks you through configuring your Azure Active Directory (Azure AD)
 
 - [Single Sign-On](/docs/pulumi-cloud/access-management/saml/sso/)
 
+{{< sso-saml-limits-info idp="Azure AD" >}}
+
 ## Configuring Azure AD
 
 ### Add an application to your Azure AD tenant

content/docs/pulumi-cloud/access-management/saml/auth0.md

@@ -29,6 +29,8 @@ This guide walks you through configuring your Auth0 Authentication Platform as a
 * You must be an admin of your Pulumi organization.
 * (Optional, but highly recommended) You should have more than one admin for your Pulumi organization.
 
+{{< sso-saml-limits-info idp="Auth0" >}}
+
 ## Enabling SAML For Your Auth0 Authentication Platform
 
 To enable SAML for your Auth0 Authentication Platform, navigate to the **Applications** section of your Auth0 dashboard. You may

content/docs/pulumi-cloud/access-management/saml/gsuite.md

@@ -28,6 +28,8 @@ This guide walks you through configuring your Google Workspace (formerly known a
 
 - [Single Sign-On](/docs/pulumi-cloud/access-management/saml/sso/)
 
+{{< sso-saml-limits-info idp="Google Workspace" >}}
+
 ## Creating the SAML Application
 
 1. In the [administrator console](https://admin.google.com/) for your Google Workspace domain, open the flyout menu

content/docs/pulumi-cloud/access-management/saml/okta.md

@@ -27,6 +27,8 @@ This guide walks you through configuring Okta as a SAML SSO identity provider (I
 
 - [Single Sign-On](/docs/pulumi-cloud/access-management/saml/sso/)
 
+{{< sso-saml-limits-info idp="Okta" >}}
+
 ## Creating the Okta Application
 
 The first step is to create a new Okta Application Integration. Of the various "sign-in methods"

content/docs/pulumi-cloud/access-management/saml/onelogin.md

@@ -26,6 +26,8 @@ This guide walks you through configuring OneLogin as a SAML SSO identity provide
 
 - [Single Sign-On](/docs/pulumi-cloud/access-management/saml/sso/)
 
+{{< sso-saml-limits-info idp="OneLogin" >}}
+
 ## Creating the OneLogin Application
 
 The first step is to create a new OneLogin Application for Pulumi SSO:

content/docs/pulumi-cloud/access-management/saml/sso.md

@@ -31,6 +31,8 @@ with the [Pulumi Cloud](/docs/pulumi-cloud/).
 > - [Auth0](/docs/pulumi-cloud/access-management/saml/auth0/)
 > - [OneLogin](/docs/pulumi-cloud/access-management/saml/onelogin/)
 
+{{< sso-saml-limits-info type="SAML" >}}
+
 ## Terminology
 
 - **IdP** stands for Identity Provider. An IdP is a service that acts as a user directory.

content/docs/pulumi-cloud/access-management/scim/_index.md

@@ -24,6 +24,8 @@ The [Pulumi Cloud](https://app.pulumi.com) supports System for Cross-domain Iden
 If desired, in addition to the SCIM-managed teams, one can also configure and manage Pulumi-local teams in the Pulumi Cloud. See [Teams](/docs/pulumi-cloud/access-management/teams/) for how to configure teams in the Pulumi Cloud.
     {{% /notes %}}
 
+{{< sso-scim-limits-info idp="your Identity Provider" >}}
+
 To set up synchronization between Pulumi and your SAML 2.0 identity provider, refer to one of our example guides:
 
 - [Azure Active Directory](/docs/pulumi-cloud/access-management/scim/azuread/)

content/docs/pulumi-cloud/access-management/scim/azuread.md

@@ -20,6 +20,8 @@ aliases:
 
 This document outlines the steps required to configure automatic provisioning/deprovisioning of your users in Pulumi using SCIM 2.0.
 
+{{< sso-scim-limits-info idp="Azure AD" >}}
+
 Please note that some advanced SCIM features aren't supported yet. For more information, see [Known Limitations](#known-limitations).
 
 ## Prerequisites

content/docs/pulumi-cloud/access-management/scim/faq.md

@@ -18,6 +18,8 @@ aliases:
   - /docs/guides/scim/faq/
 ---
 
+{{< sso-scim-limits-info idp="your Identity Provider" >}}
+
 ## FAQ
 
 This page contains information on how to resolve issues that may occur when configuring SCIM provisioning.

content/docs/pulumi-cloud/access-management/scim/okta.md

@@ -20,6 +20,8 @@ aliases:
 
 This document outlines the steps required to help you configure automatic provisioning/deprovisioning of your users and groups in Pulumi using SCIM 2.0.
 
+{{< sso-scim-limits-info idp="Okta" >}}
+
 Please note that some advanced SCIM features aren't supported yet. For more information, see [Known Limitations](#known-limitations).
 
 ## Prerequisites

content/docs/pulumi-cloud/access-management/scim/onelogin.md

@@ -20,6 +20,8 @@ aliases:
 
 This document outlines the steps required to help you configure automatic provisioning/deprovisioning of your users and groups in Pulumi using SCIM 2.0.
 
+{{< sso-scim-limits-info idp="OneLogin" >}}
+
 Please note that some advanced SCIM features aren't supported yet. For more information, see [Known Limitations](#known-limitations).
 
 ## Prerequisites

devbox.json

@@ -0,0 +1,20 @@
+{
+  "$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.13.6/.schema/devbox.schema.json",
+  "packages": [
+    "pulumi",
+    "nodejs@18",
+    "[email protected]",
+    "[email protected]",
+    "bash",
+    "[email protected]",
+    "[email protected]",
+    "dotnet-sdk@6"
+  ],
+  "env": {},
+  "shell": {
+    "init_hook": [
+      "make ensure"
+    ],
+    "scripts": {}
+  }
+}