mongodb
diff --git a/‎snooty.toml
Lines changed: 12 additions & 1 deletion b/‎snooty.toml
Lines changed: 12 additions & 1 deletion
diff --git a/‎source/includes/authentication-oidc-intro.rst
Lines changed: 4 additions & 3 deletions b/‎source/includes/authentication-oidc-intro.rst
Lines changed: 4 additions & 3 deletions
diff --git a/‎source/includes/steps-configure-oidc-azure.yaml
Lines changed: 3 additions & 3 deletions b/‎source/includes/steps-configure-oidc-azure.yaml
Lines changed: 3 additions & 3 deletions
diff --git a/‎source/includes/steps-configure-oidc-user-group.rst
Lines changed: 62 additions & 0 deletions b/‎source/includes/steps-configure-oidc-user-group.rst
Lines changed: 62 additions & 0 deletions
diff --git a/‎source/includes/steps-configure-oidc-user.yaml
Lines changed: 71 additions & 36 deletions b/‎source/includes/steps-configure-oidc-user.yaml
Lines changed: 71 additions & 36 deletions
diff --git a/‎source/includes/steps-delete-oidc-configuration.rst
Lines changed: 27 additions & 0 deletions b/‎source/includes/steps-delete-oidc-configuration.rst
Lines changed: 27 additions & 0 deletions
diff --git a/‎source/includes/steps-edit-oidc-configuration.rst
Lines changed: 34 additions & 0 deletions b/‎source/includes/steps-edit-oidc-configuration.rst
Lines changed: 34 additions & 0 deletions
@@ -8,7 +8,10 @@ intersphinx = [ "https://docs.mongodb.com/manual/objects.inv",
                 "https://www.mongodb.com/docs/mongodb-shell/objects.inv",
                 "https://www.mongodb.com/docs/datalake/objects.inv",
                 "https://www.mongodb.com/docs/atlas/app-services/objects.inv",
-                "https://www.mongodb.com/docs/cluster-to-cluster-sync/current/objects.inv"
+                "https://www.mongodb.com/docs/cluster-to-cluster-sync/current/objects.inv",
+                "https://www.mongodb.com/docs/languages/python/pymongo-driver/objects.inv",
+                "https://www.mongodb.com/docs/drivers/java/sync/current/objects.inv",
+                "https://www.mongodb.com/docs/drivers/node/current/objects.inv"
               ]
 
 toc_landing_pages = [
@@ -31,6 +34,7 @@ toc_landing_pages = [
     "/tutorial/configure-local-mode",
     "/tutorial/slack-integration",
     "/tutorial/configure-public-api-access",
+    "/tutorial/enable-oidc-authentication-for-group",
     "/tutorial/manage-users",
     "/tutorial/manage-alert-configurations",
     "/tutorial/nav/access-control",
@@ -88,12 +92,15 @@ mdbagent-version-cloud = "11.11.0.7355"
 mdbagent-version-opsmgr = "10.14.31.6566"
 mdbagent-wa = "MongoDB Agent with Automation"
 mongosh = ":binary:`~bin.mongosh`"
+oauth2 = "OAuth 2.0"
 onprem = "Ops Manager"
 onprem-full = "MongoDB Ops Manager"
 opsmgr-example-url = "<OpsManagerHost>:<Port>"
 opsmgr-url = "<OpsManagerHost>:<Port>"
+pkce = ":abbr:`PKCE (Proof Key of Code Exchange)`"
 version = "8.0"
 wif = "Workforce Identity Federation"
+workload = "Workload Identity Federation"
 
 [substitutions]
 2fa = ":abbr:`2FA (two-factor authentication)`"
@@ -110,6 +117,7 @@ application-s = "Ops Manager Applications"
 application = "Ops Manager Application"
 aws = ":abbr:`AWS (Amazon Web Services)`"
 azure = ":abbr:`Azure (Microsoft Azure)`"
+azure-ad = "Microsoft Entra ID"
 gcp = ":abbr:`GCP (Google Cloud Platform)`"
 bic-full = ":bic:`MongoDB Connector for BI </>`"
 bic-short = ":bic:`BI Connector </>`"
@@ -151,6 +159,7 @@ https = ":abbr:`HTTPS (Hypertext Transfer Protocol Secure)`"
 iam = ":abbr:`IAM (Identity and Access Management)`"
 iana = ":abbr:`IANA (Internet Assigned Numbers Authority)`"
 idp = ":abbr:`IdP (Identity Provider)`"
+idp-full = "Identity Provider"
 idps = ":abbr:`IdPs (Identity Providers)`"
 ietf = ":abbr:`IETF (Internet Engineering Task Force)`"
 index-page-title = "MongoDB Ops Manager"
@@ -170,6 +179,7 @@ jedec = ":abbr:`JEDEC (Joint Electron Device Engineering Council Solid State Tec
 jira = "`Jira <https://jira.mongodb.org>`__"
 json = ":abbr:`JSON (Javascript Object Notation)`"
 jvm = ":abbr:`JVM (Java Virtual Machine)`"
+jwt = ":abbr:`JWT (JSON Web Token)`"
 k8s-configmap = "`ConfigMap <https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/>`__"
 k8s-configmaps = "`ConfigMaps <https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/>`__"
 k8s-crd = "`CustomResourceDefinition <https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/>`__"
@@ -274,5 +284,6 @@ vm = ":abbr:`VM (Virtual Machine)`"
 vmg = ":abbr:`VMG (Virtual Machine Group)`"
 vmg-full = "Virtual Machine Group"
 win-http-service = "MongoDB Ops Manager HTTP Service"
+workload = "Workload Identity Federation"
 xml = ":abbr:`XML (eXtensible Markup Language)`"
 yaml = ":abbr:`YAML (Yet Another Markup Language)`"
@@ -1,7 +1,8 @@
 `MongoDB Enterprise
 <https://www.mongodb.com/products/mongodb-enterprise-advanced>`_
 allows authentication using OIDC. To authenticate with  `OIDC
-<https://openid.net/>`__, you must first register your |oidc|
-or OAuth application with an |idp| that supports |oidc| standard,
-such as as :abbr:`Azure AD (Azure Active Directory)`, Okta, and Ping
+<https://openid.net/>`__, complete the steps on this page.
+You must first :ref:`register <register-oidc>` 
+your |oidc| or OAuth application with an |idp| that supports the |oidc| standard,
+such as as |azure-ad|, Okta, and Ping
 Identity.
@@ -127,14 +127,14 @@ content: |
      :guilabel:`OpenID Connect metadata document` |url| and
      copying the value for ``issuer``.
 
-  The following table shows what these :abbr:`Azure AD (Azure Active
-  Directory)` UI values map to in our |mms| Configuration Properties:
+  The following table shows what these |azure-ad| 
+  UI values map to in our |mms| Configuration Properties:
       
   .. list-table::
      :header-rows: 1
      :widths: 50 50
 
-     * - :abbr:`Azure AD (Azure Active Directory)` UI 
+     * - |azure-ad| UI 
        - |mms| Configuration Property
 
      * - :guilabel:`Application (client) ID` 
 
@@ -0,0 +1,62 @@
+.. procedure:: 
+   :style: normal
+   
+   .. step:: Navigate to the :guilabel:`MongoDB Roles` tab for your deployment.
+        
+      a. Select the organization that
+         contains your project from the |ui-org-menu| in the
+         navigation bar.
+
+      #. Select your project
+         from the :guilabel:`Projects` menu in the navigation bar.
+
+      #. Click :guilabel:`Deployment` in 
+         the sidebar.
+      
+      #. Click the :guilabel:`Security` tab.
+      #. Click the :guilabel:`MongoDB Roles` tab.
+
+   .. step:: Click :guilabel:`Add New Role`.
+
+   .. step:: Create the OIDC role.
+
+      a. Enter the following fields:
+
+         .. list-table::
+            :header-rows: 1
+            :widths: 20 20 60
+
+            * - Field
+              - Necessity
+              - Description
+
+            * - :guilabel:`Identifier`
+              - Required
+              - In the :guilabel:`Database` box, enter ``admin``.
+                
+                In the :guilabel:`Name` box, enter your |oidc| |idp| configuration
+                name and the group name from your external identity provider,
+                separated by a slash ``/``:
+
+                .. code-block:: none
+
+                   {configuration_name}/{group_name}
+
+            * - :guilabel:`Inherits From`
+              - Optional
+              - A list of role name and database pairs. The format for these
+                pairs are ``roleName@dbName``.
+
+            * - :guilabel:`Authentication Restrictions`
+              - Optional
+              - A list of IP addresses or CIDR notations that you want to
+                restrict from your |idp|.
+
+            * - :guilabel:`Privilege Actions by Resource`
+              - Optional
+              - Actions permitted on the resource.
+
+                To learn more, see :manual:`Privilege Actions </reference/privilege-actions/>`.
+
+      #. Click :guilabel:`Add Role`. 
+
@@ -1,66 +1,101 @@
 ---
 stepnum: 1
-ref: oidc-user-mongodb-roles
+ref: oidc-user-mongodb-users
 level: 4
-title: "Navigate to the :guilabel:`MongoDB Roles` tab for your deployment."
+title: "Navigate to the :guilabel:`MongoDB Users` tab for your deployment."
 content: |
 
-  a. If it is not already displayed, select the organization that
-     contains your desired project from the |ui-org-menu| in the
+  a. Select the organization that
+     contains your project from the |ui-org-menu| in the
      navigation bar.
 
-  #. If it is not already displayed, select your desired project
+  #. Select your project
      from the :guilabel:`Projects` menu in the navigation bar.
 
-  #. If it is not already displayed, click :guilabel:`Deployment` in 
+  #. Click :guilabel:`Deployment` in 
      the sidebar.
   
   #. Click the :guilabel:`Security` tab.
-  #. Click the :guilabel:`MongoDB Roles` tab.
+  #. Click the :guilabel:`MongoDB Users` tab.
 
 ---
-stepnum: 2
-ref: oidc-user-click-create
+stepnum: 3
+ref: oidc-click-add-user
 level: 4
-title: "Click :guilabel:`Add New Role`."
-
+title: "Click :guilabel:`Add New User`."
 ---
-stepnum: 3
-ref: oidc-user-create-role
+stepnum: 4
+ref: oidc-add-user
 level: 4
-title: "Create the OIDC role."
+title: "Add the OIDC user."
 content: |
 
-  a. Enter the following fields:
+  .. note::
+     
+     Before you add users, ensure that you've 
+     :ref:`created any roles <om-custom-roles>`
+     that you want to assign to the users.
+
+  a. Complete the user account fields:
 
      .. list-table::
-        :header-rows: 1
-        :widths: 20 20 60
+      :widths: 20 80
+      :header-rows: 1
+
+      * - Field
+        - Description
 
-        * - Field
-          - Necessity
-          - Description
+      * - :guilabel:`Identifier`
 
-        * - :guilabel:`Identifier`
-          - Required
-          - In the :guilabel:`database` box, enter ``admin``.
-            
-            In the :guilabel:`name` box, enter your ``projectId`` and
-            group name from your |idp| separated by a slash ``/``:
+        - 
+          - In the first field, enter the ``$external`` database.
+
+          - In the second field, enter a username using your |oidc| |idp| configuration
+            name and the user principal claim from your configuration separated by a slash ``/``:
 
             .. code-block:: none
 
-               {projectId}/{group_name}
+               {configuration_name}/{user_principal_claim}
+
+      * - :guilabel:`Roles`
+
+        - Enter any available user-defined roles and :manual:`built-in
+          roles </reference/built-in-roles>` into this box. The combo 
+          box provides a list of existing roles when you click in it.
+
+      * - :guilabel:`Authentication Restrictions`
+
+        - 
+          a. Click :guilabel:`Add Entry`.
 
-        * - :guilabel:`Inherits From`
-          - Optional
-          - A list of role name and database pairs. The format for these
-            pairs are ``roleName@dbName``.
+          b. Add one or more |ipaddr| addresses and/or |cidr| blocks in 
+             either the :guilabel:`Client Source` or :guilabel:`Server 
+             Address` boxes. Separate multiple addresses or blocks with 
+             commas.
 
-        * - :guilabel:`Authentication Restrictions`
-          - Optional
-          - A list of IP addresses or CIDR notations that you want to
-            restrict from your |idp|.
+             - :guilabel:`Client Source` restricts which addresses this 
+               user can authenticate and use the given roles.
 
-  #. Click :guilabel:`Add Role`. 
+             - :guilabel:`Server Address` restricts the addresses this 
+               user can authenticate and has the given roles.
+
+          c. Click :guilabel:`Save`.
+
+          d. To add another entry, click :guilabel:`Add Entry`.
+
+  #. Click :guilabel:`Add User`.
+
+---
+level: 4
+stepnum: 5
+source:
+  file: steps-source-deployment-page.yaml
+  ref: review-deployment
+---
+level: 4
+stepnum: 6
+source:
+  file: steps-source-deployment-page.yaml
+  ref: confirm-deployment
 ...
+
@@ -0,0 +1,27 @@
+.. procedure::
+   :style: normal
+      
+   .. step:: Navigate to the :guilabel:`Security Settings` dialog for your deployment.
+
+      a. Select the organization that
+         contains your project from the |ui-org-menu| in the
+         navigation bar.
+
+      #. Select your project
+         from the :guilabel:`Projects` menu in the navigation bar.
+
+      #. Click :guilabel:`Deployment` in 
+         the sidebar.
+      #. Click the :guilabel:`Security` tab.
+      #. Click the :guilabel:`Settings` tab.
+
+   .. step:: Remove the configuration.
+
+      a. Scroll to the :guilabel:`OIDC Connection and Authorization
+         (Required for OIDC)` section.
+      
+      #. For the configuration that you want to delete, click the
+         :guilabel:`REMOVE` button.
+
+      #. In the :guilabel:`Removing OIDC IdP configuration?` dialog box, 
+         click :guilabel:`Remove`.
@@ -0,0 +1,34 @@
+.. procedure::
+   :style: normal
+      
+   .. step:: Navigate to the :guilabel:`Security Settings` dialog for your deployment.
+
+      a. Select the organization that
+         contains your project from the |ui-org-menu| in the
+         navigation bar.
+
+      #. Select your project
+         from the :guilabel:`Projects` menu in the navigation bar.
+
+      #. Cick :guilabel:`Deployment` in 
+         the sidebar.
+      #. Click the :guilabel:`Security` tab.
+      #. Click the :guilabel:`Settings` tab.
+
+   .. step:: Edit the configuration.
+
+      a. Scroll to the :guilabel:`OIDC Connection and Authorization
+         (Required for OIDC)` section.
+      
+      #. For the configuration that you want to edit, click the
+         :guilabel:`EDIT` button.
+
+      #. Make changes to the configuration.
+
+   .. step:: Click :guilabel:`Save Configuration`.
+   .. step:: Click :guilabel:`Save Settings`.
+   .. step:: Click :guilabel:`Review & Deploy` to review your changes.
+   .. step:: Click :guilabel:`Confirm & Deploy` to deploy your changes.
+      
+      Otherwise, click :guilabel:`Cancel` and you can make
+      additional changes.