Add new flags and values

manage/identity-providers/add-an-idp.mdx

@@ -33,7 +33,7 @@ Here is an example using Microsoft Azure Entra ID as SSO for Pangolin:
 Organization identity providers are configured per organization and only apply to that specific organization. Each org can have its own identity providers, allowing for authentication methods based on the organization's needs.
 
 <Note>
-	Available in Pangolin Cloud and [Enterprise Edition](/self-host/enterprise-edition). For [Enterprise Edition](/self-host/enterprise-edition), you must enable `use_org_only_idp` in the [private config file](/self-host/advanced/private-config-file#param-use-org-only-idp) `privateConfig.yml`.
+	Available in Pangolin Cloud and [Enterprise Edition](/self-host/enterprise-edition). For [Enterprise Edition](/self-host/enterprise-edition), you must set `app.identity_provider_mode: "org"` in the [private config file](/self-host/advanced/private-config-file#param-identity-provider-mode) `privateConfig.yml`.
 </Note>
 
 ### Global Identity Providers

manage/identity-providers/azure.mdx

@@ -4,7 +4,7 @@ description: "Configure Azure Entra ID Single Sign-On"
 ---
 
 <Note>
-Azure SSO is only available on Pangolin Cloud and [Enterprise Edition](/self-host/enterprise-edition) deployments. In [Enterprise Edition](/self-host/enterprise-edition), you must enable `use_org_only_idp` in your [private config file](/self-host/advanced/private-config-file) `privateConfig.yml`.
+Azure SSO is only available on Pangolin Cloud and [Enterprise Edition](/self-host/enterprise-edition) deployments. In [Enterprise Edition](/self-host/enterprise-edition), you must set `app.identity_provider_mode: "org"` in your [private config file](/self-host/advanced/private-config-file) `privateConfig.yml`.
 </Note>
 
 The following steps will integrate Microsoft SSO using the built in Azure Entra ID identity provider in Pangolin.

manage/identity-providers/google.mdx

@@ -4,7 +4,7 @@ description: "Configure Google Single Sign-On"
 ---
 
 <Note>
-Google SSO is only available on Pangolin Cloud and [Enterprise Edition](/self-host/enterprise-edition) deployments. In [Enterprise Edition](/self-host/enterprise-edition), you must enable `use_org_only_idp` in your [private config file](/self-host/advanced/private-config-file#param-use-org-only-idp) `privateConfig.yml`.
+Google SSO is only available on Pangolin Cloud and [Enterprise Edition](/self-host/enterprise-edition) deployments. In [Enterprise Edition](/self-host/enterprise-edition), you must set `app.identity_provider_mode: "org"` in your [private config file](/self-host/advanced/private-config-file#param-use-org-only-idp) `privateConfig.yml`.
 </Note>
 
 The following steps will integrate Google SSO using the built in Google identity provider in Pangolin.

self-host/advanced/config-file.mdx

@@ -745,6 +745,16 @@ This section contains the complete reference for all configuration options in `c
         When enabled, only domains created through the UI are allowed.
       </Note>
     </ResponseField>
+    
+    <ResponseField name="disable_enterprise_features" type="boolean">
+      Whether to disable features that are only available in the Enterprise Edition from showing in the UI.
+
+      **Default**: `false`
+
+      <Note>
+        When enabled, Enterprise-only features are hidden from the UI. 
+      </Note>
+    </ResponseField> 
   </Expandable>
 </ResponseField>
 

self-host/advanced/private-config-file.mdx

@@ -14,8 +14,8 @@ The private configuration file is only used on enterprise deployments. If you're
 Here's a basic example with common settings:
 
 ```yaml title="private-config.yml"
-flags:
-  use_org_only_idp: false
+app:
+  identity_provider_mode: "org"
 
 branding:
   app_name: "My Company Portal"
@@ -31,7 +31,20 @@ This section contains the complete reference for all configuration options in `p
 <ResponseField name="app" type="object">
   Regional and base domain configuration for multi-region deployments.
 
-  <Expandable title="properties">
+    <Expandable title="properties">
+	  <ResponseField name="identity_provider_mode" type="string" default="global">
+	    Set the identity provider (IdP) mode for authentication. By default both global and org pages will show until set. See the [Identity Providers documentation](/manage/identity-providers/add-an-idp#identity-provider-types) for more details on how this affects authentication and user management.
+					
+		Possible values:
+		- `global`: (default) Both global and organization-level IdP login pages are available. Users can authenticate using either global or organization-specific identity providers.
+		- `org`: Only organization-level IdP login pages are available. Users must authenticate using identity providers defined at the organization
+					
+	    ```yaml
+	    app:
+	      identity_provider_mode: "org"
+	    ```
+	  </ResponseField>
+  
     <ResponseField name="region" type="string" default="default">
       The region identifier for this Pangolin instance. Used for multi-region deployments.
       
@@ -49,7 +62,7 @@ This section contains the complete reference for all configuration options in `p
   Advanced server configuration including encryption keys and API integrations.
 
   <Expandable title="properties">
-    <ResponseField name="encryption_key_path" type="string" default="./config/encryption.pem" required>
+    <ResponseField name="encryption_key" type="string" default="./config/encryption.pem" required>
       Path to the RSA private key used for encrypting sensitive data. Must be at least 8 characters long. THIS IS ONLY USED WITH pangolin_dns FEATURE FLAG ENABLED AND REQUIRES EXTERNAL COMPONENTS.
       
       ```yaml
@@ -173,6 +186,8 @@ This section contains the complete reference for all configuration options in `p
 
   <Expandable title="properties">
     <ResponseField name="use_org_only_idp" type="boolean" default="false">
+      **DEPRECATED**! See `app.identity_provider_mode: "org"` instead.
+    
       Restrict identity provider (IdP) authentication to organization-level only.
       
       ```yaml