Add the new UCP configuration point

Traci Morrison 2019-09-26 09:47:44 -04:00
parent 7d28ee8670
commit 97f536288e
3 changed files with 11 additions and 7 deletions


@ -105,20 +105,20 @@ email address, for example, `jane.doe@subsidiary1.com`.
## Configure the LDAP integration
To configure UCP to create and authenticate users by using an LDAP directory,
go to the UCP web interface, navigate to the **Admin Settings** page and click
go to the UCP web interface, navigate to the **Admin Settings** page, and click
**Authentication & Authorization** to select the method used to create and
authenticate users.
authenticate users. [Learn about additional UCP configuration options](../../configure/ucp-configuration-file.md#configuration-options).
![](../../../images/authentication-authorization.png)
![](../../../images/admin-settings-tab-session.png){: .with-border}
In the **LDAP Enabled** section, click **Yes** to The LDAP settings appear.
In the **LDAP Enabled** section, click **Yes**.
Now configure your LDAP directory integration.
## Default role for all private collections
Use this setting to change the default permissions of new users.
Click the dropdown to select the permission level that UCP assigns by default
Click the drop-down menu to select the permission level that UCP assigns by default
to the private collections of new users. For example, if you change the value
to `View Only`, all users who log in for the first time after the setting is
changed have `View Only` access to their private collections, but permissions
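Review bot: The link appended to the "authenticate users." sentence targets the generic `#configuration-options` anchor and its text ("additional UCP configuration options") does not say which option is relevant to this LDAP section, so the reader has no reason to follow it. Consider naming the setting in the link text and confirming the anchor resolves in `ucp-configuration-file.md`. The `admin-settings-tab-session.png` image in the same hunk has empty alt text (`![]`); a short description would help.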
@ -141,13 +141,16 @@ Click **Yes** to enable integrating UCP users and teams with LDAP servers.
| No simple pagination | If your LDAP server doesn't support pagination. |
| Just-In-Time User Provisioning | Whether to create user accounts only when users log in for the first time. The default value of `true` is recommended. If you upgraded from UCP 2.0.x, the default is `false`. |
> **Note**: LDAP connections using certificates created with TLS v1.2 do not currently advertise support for sha512WithRSAEncryption in the TLS handshake which leads to issues establishing connections with some clients. Support for advertising sha512WithRSAEncryption will be added in UCP 3.1.0.
> Note
>
> LDAP connections using certificates created with TLS v1.2 do not currently advertise support for sha512WithRSAEncryption in the TLS handshake which leads to issues establishing connections with
> some clients. Support for advertising sha512WithRSAEncryption will be added in UCP 3.1.0.
![](../../../images/ldap-integration-1.png){: .with-border}
Click **Confirm** to add your LDAP domain.
To integrate with more LDAP servers, click **Add LDAP Domain**.
To integrate with more LDAP servers, click **Add LDAP Domain**.
## LDAP user search configurations
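Review bot: The reformatted note keeps the phrase "certificates created with TLS v1.2" unchanged, and it is ambiguous because a certificate is not created with a TLS version; please clarify whether this means TLS 1.2 connections where sha512WithRSAEncryption is not advertised in the handshake. While touching the note, the blockquote now breaks mid-sentence after "connections with", and the statement "will be added in UCP 3.1.0" should be checked against the release this page documents so it does not go stale.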


@ -82,6 +82,7 @@ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_ver
| `lifetime_minutes` | no | The initial session lifetime, in minutes. The default is 60 minutes. |
| `renewal_threshold_minutes` | no | The length of time, in minutes, before the expiration of a session where, if used, a session will be extended by the current configured lifetime from then. A zero value disables session extension. The default is 20 minutes. |
| `per_user_limit` | no | The maximum number of sessions that a user can have active simultaneously. If creating a new session would put a user over this limit, the least recently used session will be deleted. A value of zero disables limiting the number of sessions that users may have. The default is 10. |
| `auth.storeTokenPerSession` | no | If set, the user token is stored in `sessionStorage` instead of `localStorage`. Note that this option will log the user out and require them to log back in since they are actively changing how their authentication is stored. |
### registries array (optional)
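Review bot: The new `auth.storeTokenPerSession` row does not state the value type or the default, unlike the three rows above it, which each end with "The default is ...". "If set" should say what it is set to, and the row should state the default. The key is also written with an `auth.` prefix and in camelCase while the neighbouring keys (`lifetime_minutes`, `per_user_limit`) are bare and snake_case, so it is unclear which table of the configuration file it belongs to. Since the choice between `sessionStorage` and `localStorage` changes where the user token lives in the browser, one sentence on the practical difference would help an administrator decide.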

Binary file not shown.
