8c4be1c529
* Update docs replacements to AWX (#15349) Update replacements to AWX Signed-off-by: Sandra McCann <samccann@redhat.com> (cherry picked from commit 9979fc659efbf4d54a39f9f36912d5ed7b0fa6cd) * Remove remnants of controller terms from quickstart docs (#15350) Remove remnants of controller terms from quickstart Signed-off-by: Sandra McCann <samccann@redhat.com> (cherry picked from commit 864a30e3d451e6daf39421a598f725419f105101) * Remove references to translated versions of the docs (#15354) remove references to translated versions of the docs Signed-off-by: Sandra McCann <samccann@redhat.com> Co-authored-by: TVo <thavo@redhat.com> (cherry picked from commit 5f42db67e6fbcffa8e5b26553d41273b7730344c) * update terminology (#15357) * update terminology Replace some instances of Tower with AWX and remove some references to enterprise left over from the migration of RST content from the Automation Controller docs. * Update docs/docsite/rst/userguide/overview.rst Co-authored-by: TVo <thavo@redhat.com> --------- Co-authored-by: TVo <thavo@redhat.com> (cherry picked from commit f1448fced1411b9d7cce19a0ad91df992e447014) * Replaced all references of downstream docs to upstream docs (#15388) * Replaced all references of downstream docs to upstream docs. * Update README.md Co-authored-by: Don Naro <dnaro@redhat.com> * Update README.md.j2 Co-authored-by: Don Naro <dnaro@redhat.com> * Update README.md.j2 Co-authored-by: Don Naro <dnaro@redhat.com> * Incorpor'd review feedback from @oraNod and @samccann * Updated with agreed link (for now) until further change is needed. --------- Co-authored-by: Don Naro <dnaro@redhat.com> (cherry picked from commit 018f235a645163ee820ff33b47a70194fabeea66) * Re-do PR #14685 for alt-text inventories. (#15394) (cherry picked from commit 6d0c47fdd0f0ca00c06afb5db5bd49c8da995a50) * Docs: add Communication guide (#15469) * Docs: add Communication guide * Update docs/docsite/rst/contributor/communication.rst Co-authored-by: Don Naro <dnaro@redhat.com> * Update docs/docsite/rst/contributor/communication.rst --------- Co-authored-by: Don Naro <dnaro@redhat.com> (cherry picked from commit 79c1921ea480ae26b0d7faf6e1a8e89b61f76c30) --------- Co-authored-by: Don Naro <dnaro@redhat.com> Co-authored-by: TVo <thavo@redhat.com> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
This folder describes third-party authentications supported by AWX. These authentications can be configured and enabled inside AWX.
When a user wants to log into AWX, she can explicitly choose some of the supported authentications to log in instead of AWX's own authentication using username and password. Here is a list of such authentications:
- Google OAuth2
- Github OAuth2
- Github Organization OAuth2
- Github Team OAuth2
- Github Enterprise OAuth2
- Github Enterprise Organization OAuth2
- Github Enterprise Team OAuth2
- Microsoft Azure Active Directory (AD) OAuth2
On the other hand, the other authentication methods use the same types of login info (username and password), but authenticate using external auth systems rather than AWX's own database. If some of these methods are enabled, AWX will try authenticating using the enabled methods before AWX's own authentication method. The order of precedence is:
- LDAP
- RADIUS
- TACACS+
- SAML
AWX will try authenticating against each enabled authentication method in the specified order, meaning if the same username and password is valid in multiple enabled auth methods (e.g., both LDAP and TACACS+), AWX will only use the first positive match (in the above example, log a user in via LDAP and skip TACACS+).
Notes:
SAML users, RADIUS users and TACACS+ users are categorized as 'Enterprise' users. The following rules apply to Enterprise users:
- Enterprise users can only be created via the first successful login attempt from remote authentication backend.
- Enterprise users cannot be created/authenticated if non-enterprise users with the same name has already been created in AWX.
- AWX passwords of Enterprise users should always be empty and cannot be set by any user if there are enterprise backends enabled.
- If enterprise backends are disabled, an Enterprise user can be converted to a normal AWX user by setting password field. But this operation is irreversible (the converted AWX user can no longer be treated as Enterprise user).