diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/1_create-app-auth0.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/1_create-app-auth0.png new file mode 100644 index 00000000..a8cdfb7d Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/1_create-app-auth0.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/2_create-web-app-auth0.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/2_create-web-app-auth0.png new file mode 100644 index 00000000..05661104 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/2_create-web-app-auth0.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/3_add-save-callback-url-auth0.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/3_add-save-callback-url-auth0.png new file mode 100644 index 00000000..973025bb Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/3_add-save-callback-url-auth0.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/4_copy-client-secret-ids-auth0.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/4_copy-client-secret-ids-auth0.png new file mode 100644 index 00000000..b746a724 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/4_copy-client-secret-ids-auth0.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/5_netbird-idp-config-auth0.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/5_netbird-idp-config-auth0.png new file mode 100644 index 00000000..16551ee6 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/5_netbird-idp-config-auth0.png differ 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-create-interactive-login-app.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-create-interactive-login-app.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-create-interactive-login-app.png rename to public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-create-interactive-login-app.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-create-machine-app.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-create-machine-app.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-create-machine-app.png rename to public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-create-machine-app.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-grant-types.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-grant-types.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-grant-types.png rename to public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-grant-types.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-interactive-login-settings.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-interactive-login-settings.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-interactive-login-settings.png rename to public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-interactive-login-settings.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-machine-authorization.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-machine-authorization.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-machine-authorization.png rename to public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-machine-authorization.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-machine-settings.png b/public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-machine-settings.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/auth0/auth0-machine-settings.png rename to public/docs-static/img/selfhosted/identity-providers/managed/auth0/advanced/auth0-machine-settings.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/1_0auth-client-id-google.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/1_0auth-client-id-google.png new file mode 100644 index 00000000..025d3c7e Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/1_0auth-client-id-google.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/2_copy-redirect-google.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/2_copy-redirect-google.png new file mode 100644 index 00000000..facd5bd7 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/2_copy-redirect-google.png differ 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/3_paste-uri-google.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/3_paste-uri-google.png new file mode 100644 index 00000000..5a2e0774 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/3_paste-uri-google.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/4_0auth-client-created-google.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/4_0auth-client-created-google.png new file mode 100644 index 00000000..ecbda2aa Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/4_0auth-client-created-google.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/5_netbird-complete-google.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/5_netbird-complete-google.png new file mode 100644 index 00000000..f919d7f3 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/5_netbird-complete-google.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-assign-role.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-assign-role.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-assign-role.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-assign-role.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-consent-screen-scopes.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-consent-screen-scopes.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-consent-screen-scopes.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-consent-screen-scopes.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-consent-screen-summary.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-consent-screen-summary.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-consent-screen-summary.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-consent-screen-summary.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-consent-screen-type.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-consent-screen-type.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-consent-screen-type.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-consent-screen-type.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-edit-service-account.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-edit-service-account.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-edit-service-account.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-edit-service-account.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-new-role-info.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-new-role-info.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-new-role-info.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-new-role-info.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-oauth-client-created.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-oauth-client-created.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-oauth-client-created.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-oauth-client-created.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-oauth-client.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-oauth-client.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-oauth-client.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-oauth-client.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-privileges-review.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-privileges-review.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-privileges-review.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-privileges-review.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-service-account-create.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-service-account-create.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-service-account-create.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-service-account-create.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-service-account-privileges.png b/public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-service-account-privileges.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/google-service-account-privileges.png rename to public/docs-static/img/selfhosted/identity-providers/managed/google-workspace/advanced/google-service-account-privileges.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/1_sso-applications.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/1_sso-applications.png new file mode 100644 index 00000000..55e5c629 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/1_sso-applications.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/2_custom-applications.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/2_custom-applications.png new file mode 100644 index 00000000..b9b03305 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/2_custom-applications.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/3_SSO-with-OIDC.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/3_SSO-with-OIDC.png new file mode 100644 index 00000000..d3572f37 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/3_SSO-with-OIDC.png differ 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/4_copy-redirect.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/4_copy-redirect.png new file mode 100644 index 00000000..9f4ea537 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/4_copy-redirect.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/5_config-jumpcloud-sso.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/5_config-jumpcloud-sso.png new file mode 100644 index 00000000..a81d3f3b Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/5_config-jumpcloud-sso.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/6_client-ids.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/6_client-ids.png new file mode 100644 index 00000000..4da69956 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/6_client-ids.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/7_jumpcloud-config.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/7_jumpcloud-config.png new file mode 100644 index 00000000..fb19602e Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/7_jumpcloud-config.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-add-admin-user.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-add-admin-user.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-add-admin-user.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-add-admin-user.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-api-key-generation.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-api-key-generation.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-api-key-generation.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-api-key-generation.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app-confirm-selection.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app-confirm-selection.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app-confirm-selection.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app-confirm-selection.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app-confirmation.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app-confirmation.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app-confirmation.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app-confirmation.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app-features.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app-features.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app-features.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app-features.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app-general-info.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app-general-info.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app-general-info.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app-general-info.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-new-sso-app.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-new-sso-app.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-oidc-app.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-oidc-app.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-oidc-app.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-oidc-app.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-profile.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-profile.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-profile.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-profile.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-sso-atributes-configuration.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-sso-atributes-configuration.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-sso-atributes-configuration.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-sso-atributes-configuration.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-sso-configuration.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-sso-configuration.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-sso-configuration.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-sso-configuration.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-user-groups.png b/public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-user-groups.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/jumpcloud-user-groups.png rename to public/docs-static/img/selfhosted/identity-providers/managed/jumpcloud/advanced/jumpcloud-user-groups.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/1_new-registration-microsoft-entra.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/1_new-registration-microsoft-entra.png new file mode 100644 index 00000000..727204f5 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/1_new-registration-microsoft-entra.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/2_copy-url-redirect-microsoft-entra.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/2_copy-url-redirect-microsoft-entra.png new file mode 100644 index 00000000..d0925986 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/2_copy-url-redirect-microsoft-entra.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/3_select-web-paste-uri-microsoft-entra.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/3_select-web-paste-uri-microsoft-entra.png new file mode 100644 index 00000000..aa6d617d Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/3_select-web-paste-uri-microsoft-entra.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/4_new-client-secret-microsoft-entra.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/4_new-client-secret-microsoft-entra.png new file mode 100644 index 00000000..25498cc4 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/4_new-client-secret-microsoft-entra.png differ 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/5_copy-secret-microsoft-entra.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/5_copy-secret-microsoft-entra.png new file mode 100644 index 00000000..e8e8aa09 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/5_copy-secret-microsoft-entra.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/6_netbird-config-filled-microsoft-entra.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/6_netbird-config-filled-microsoft-entra.png new file mode 100644 index 00000000..a776bcc0 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/6_netbird-config-filled-microsoft-entra.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-add-application-scope.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-add-application-scope.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-add-application-scope.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-add-application-scope.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-add-scope.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-add-scope.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-add-scope.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-add-scope.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-client-secret.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-client-secret.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-client-secret.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-client-secret.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-desktop-uri-setup.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-desktop-uri-setup.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-desktop-uri-setup.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-desktop-uri-setup.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-flows-setup.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-flows-setup.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-flows-setup.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-flows-setup.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-grant-admin-conset.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-grant-admin-conset.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-grant-admin-conset.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-grant-admin-conset.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-netbird-api-permisssions.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-netbird-api-permisssions.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-netbird-api-permisssions.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-netbird-api-permisssions.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-new-application.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-new-application.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-new-application.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-new-application.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-openid-permissions.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-openid-permissions.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-openid-permissions.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-openid-permissions.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-spa-uri-setup.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-spa-uri-setup.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure-spa-uri-setup.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure-spa-uri-setup.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure_api_scope.png b/public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure_api_scope.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure_api_scope.png rename to public/docs-static/img/selfhosted/identity-providers/managed/microsoft-entra-id/azure/azure_api_scope.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/1_create-app-integration-okta.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/1_create-app-integration-okta.png new file mode 100644 index 00000000..b899a8ce Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/okta/1_create-app-integration-okta.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/2_oidc-web-app-okta.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/2_oidc-web-app-okta.png new file mode 100644 index 00000000..acab0ebf Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/okta/2_oidc-web-app-okta.png differ 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/3_assignments-okta.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/3_assignments-okta.png new file mode 100644 index 00000000..dbb88e7b Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/okta/3_assignments-okta.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/4_redirect-url-okta.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/4_redirect-url-okta.png new file mode 100644 index 00000000..044df8a9 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/okta/4_redirect-url-okta.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/5_sign-in-uri-okta.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/5_sign-in-uri-okta.png new file mode 100644 index 00000000..c8bedb3c Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/okta/5_sign-in-uri-okta.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/6_client-id-okta.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/6_client-id-okta.png new file mode 100644 index 00000000..b99e03ea Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/okta/6_client-id-okta.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/7_complte-config-okta.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/7_complte-config-okta.png new file mode 100644 index 00000000..f3192d63 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/managed/okta/7_complte-config-okta.png differ 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-generate-token.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-generate-token.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-generate-token.png rename to public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-generate-token.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-native-application.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-native-application.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-native-application.png rename to public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-native-application.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-native-sign-on-configuration.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-native-sign-on-configuration.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-native-sign-on-configuration.png rename to public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-native-sign-on-configuration.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-new-native-application.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-new-native-application.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-new-native-application.png rename to public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-new-native-application.png 
diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-new-single-page-application.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-new-single-page-application.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-new-single-page-application.png rename to public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-new-single-page-application.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-single-page-application.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-single-page-application.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-single-page-application.png rename to public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-single-page-application.png diff --git a/public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-single-sign-on-configuration.png b/public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-single-sign-on-configuration.png similarity index 100% rename from public/docs-static/img/selfhosted/identity-providers/managed/okta/okta-single-sign-on-configuration.png rename to public/docs-static/img/selfhosted/identity-providers/managed/okta/advanced/okta-single-sign-on-configuration.png diff --git a/src/components/NavigationDocs.jsx b/src/components/NavigationDocs.jsx index 00c0d958..98b7d156 100644 --- a/src/components/NavigationDocs.jsx +++ b/src/components/NavigationDocs.jsx 
@@ -303,11 +303,11 @@ export const docsNavigation = [ title: 'Managed IdPs', isOpen: true, links: [ - { title: 'Entra ID', href: '/selfhosted/identity-providers/managed/microsoft-entra-id' }, - { title: 'Okta', href: '/selfhosted/identity-providers/managed/okta' }, { title: 'Google Workspace', href: '/selfhosted/identity-providers/managed/google-workspace' }, + { title: 'Microsoft Entra ID', href: '/selfhosted/identity-providers/managed/microsoft-entra-id' }, { title: 'JumpCloud', href: '/selfhosted/identity-providers/managed/jumpcloud' }, - { title: 'Keycloak', href: '/selfhosted/identity-providers/managed/keycloak' }, + { title: 'Auth0', href: '/selfhosted/identity-providers/managed/auth0' }, + { title: 'Okta', href: '/selfhosted/identity-providers/managed/okta' }, ] }, ] diff --git a/src/pages/selfhosted/identity-providers/index.mdx b/src/pages/selfhosted/identity-providers/index.mdx index d12cb8d5..af9563c4 100644 --- a/src/pages/selfhosted/identity-providers/index.mdx +++ b/src/pages/selfhosted/identity-providers/index.mdx @@ -37,7 +37,7 @@ NetBird supports any OIDC-compliant identity providers. Here are some popular pr | Provider | Type | Best For | |----------|------|----------| -| [**Generic OIDC**](#adding-external-identity-providers) | `oidc` | Any OIDC-compliant provider | +| [**Generic OIDC**](#adding-an-identity-provider) | `oidc` | Any OIDC-compliant provider | | [**Google**](/selfhosted/identity-providers/managed/google-workspace) | `google` | Google Workspace, personal Google accounts | | [**Microsoft**](/selfhosted/identity-providers/managed/microsoft-entra-id) | `microsoft` / `entra` | Personal accounts, Azure AD / Entra ID | | [**Okta**](/selfhosted/identity-providers/managed/okta) | `okta` | Enterprise SSO | @@ -51,7 +51,7 @@ NetBird supports any OIDC-compliant identity providers. Here are some popular pr use the generic OIDC configuration. - ### Adding an Identity Provider +### Adding an Identity Provider #### Via Dashboard 
diff --git a/src/pages/selfhosted/identity-providers/managed/auth0.mdx b/src/pages/selfhosted/identity-providers/managed/auth0.mdx index 4ed77564..a56c541a 100644 --- a/src/pages/selfhosted/identity-providers/managed/auth0.mdx +++ b/src/pages/selfhosted/identity-providers/managed/auth0.mdx @@ -1,6 +1,6 @@ import {Note} from "@/components/mdx"; -# Auth0 +# Auth0 SSO with NetBird Self-Hosted [Auth0](https://auth0.com/) is a flexible, drop-in solution to add authentication and authorization services to your applications. It's a managed service that handles identity infrastructure so you don't have to. @@ -13,22 +13,29 @@ Add Auth0 as an external IdP directly in the NetBird Management Dashboard. This - NetBird self-hosted with embedded IdP enabled - Auth0 account (sign up at https://auth0.com/) -### Step 1: Create Application in Auth0 +### Step 1: Start Creating Application in Auth0 1. Log in to your Auth0 dashboard at https://manage.auth0.com/ 2. Go to **Applications** → **Applications** 3. Click **Create Application** + +

+ Create application +

+ 4. Fill in: - **Name**: `NetBird` - **Application type**: `Regular Web Application` -5. Click **Create** -6. Go to **Settings** tab -7. Note the **Client ID** and **Client Secret** -8. Note the **Domain** (e.g., `your-tenant.auth0.com`) -### Step 2: Add Identity Provider in NetBird +

+ Create web application +

-1. Log in to your NetBird Dashboard +5. Click Create + +### Step 2: Get Redirect URL from NetBird + +1. Open a new tab or window and log in to your NetBird Dashboard 2. Navigate to **Settings** → **Identity Providers** 3. Click **Add Identity Provider** 4. Fill in the fields: @@ -37,23 +44,42 @@ Add Auth0 as an external IdP directly in the NetBird Management Dashboard. This |-------|-------| | Type | Generic OIDC | | Name | Auth0 (or your preferred display name) | -| Client ID | From Auth0 application | -| Client Secret | From Auth0 application | -| Issuer | `https://your-tenant.auth0.com` | +| Client ID | From Auth0 application (will fill after Step 3) | +| Client Secret | From Auth0 application (will fill after Step 3) | +| Issuer | `https://your-tenant.auth0.com/` **(must include trailing slash)** (will fill after Step 3) | -5. Don't click **Add Provider** yet, copy your Redirect URL for the next step. +5. **Copy the Redirect URL** that NetBird displays (but don't click **Add Provider** yet) -### Step 3: Configure Redirect URI +### Step 3: Complete Auth0 Application Setup -NetBird displays the **Redirect URL**. Copy this URL and add it to your Auth0 application: - -1. Return to Auth0 Dashboard → **Applications** → **NetBird** +1. Return to the Auth0 tab 2. Go to **Settings** tab -3. Under **Allowed Callback URLs**, add the redirect URL from NetBird +3. Under **Allowed Callback URLs**, add the redirect URL you copied from NetBird 4. Click **Save Changes** -5. Click **Add Provider** in NetBird -### Step 4: Test the Connection +

+ Add and save callback URL +

+ +5. Note the **Client ID**, **Client Secret**, and **Domain** (e.g., `your-tenant.auth0.com`) at the top of the setting tab — you'll need these for Step 4 + +

+ Copy client secret and IDs +

+ +### Step 4: Complete NetBird Setup + +1. Return to the NetBird tab +2. Fill in the **Client ID** and **Client Secret** from Step 3 +3. Update the **Issuer** field with your Auth0 domain if needed (e.g., `https://your-tenant.auth0.com/`) + +

+ NetBird IdP configuration +

+ +4. Click **Add Provider** + +### Step 5: Test the Connection 1. Log out of NetBird Dashboard 2. On the login page, you should see an "Auth0" button @@ -134,14 +160,14 @@ This enables machine authorization via your Identity Provider as an alternative 4. Click **Create**

- Create interactive login app + Create interactive login app

5. Click **Settings** tab 6. Copy **Client ID** to `NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID`

- Interactive login settings + Interactive login settings

7. Scroll to **Advanced Settings** @@ -149,7 +175,7 @@ This enables machine authorization via your Identity Provider as an alternative 9. Click **Save Changes**

- Grant types + Grant types

### Step 4: Create Machine to Machine Application @@ -164,7 +190,7 @@ This application authorizes access to Auth0 Management API. 4. Click **Create**

- Create machine app + Create machine app

5. Configure: @@ -173,7 +199,7 @@ This application authorizes access to Auth0 Management API. 6. Click **Authorize**

- Machine authorization + Machine authorization

@@ -187,7 +213,7 @@ This application authorizes access to Auth0 Management API. - **Domain** → `NETBIRD_IDP_MGMT_EXTRA_AUDIENCE` (format: `https:///api/v2/`)

- Machine settings + Machine settings

### Step 5: Configure NetBird diff --git a/src/pages/selfhosted/identity-providers/managed/google-workspace.mdx b/src/pages/selfhosted/identity-providers/managed/google-workspace.mdx index 4c393b53..e724f0ac 100644 --- a/src/pages/selfhosted/identity-providers/managed/google-workspace.mdx +++ b/src/pages/selfhosted/identity-providers/managed/google-workspace.mdx @@ -1,6 +1,6 @@ import {Note} from "@/components/mdx"; -# Google Workspace +# Google Workspace SSO with NetBird Self-Hosted Use Google accounts for authentication with NetBird. This supports both personal Google accounts and Google Workspace (formerly G Suite) organizations. @@ -13,12 +13,17 @@ Add Google as an external IdP directly in the NetBird Management Dashboard. This - NetBird self-hosted with embedded IdP enabled - Access to [Google Cloud Console](https://console.cloud.google.com/) -### Step 1: Create OAuth Credentials +### Step 1: Start Creating OAuth Credentials 1. Go to [Google Cloud Console](https://console.cloud.google.com/) 2. Select or create a project 3. Navigate to **APIs & Services** → **Credentials** 4. Click **Create Credentials** → **OAuth client ID** + +

+ OAuth client ID +

+ 5. If prompted, configure the OAuth consent screen first: - Choose **Internal** (for Workspace) or **External** (for any Google account) - Fill in required fields (app name, support email) @@ -27,13 +32,13 @@ Add Google as an external IdP directly in the NetBird Management Dashboard. This 6. Back in Credentials, create the OAuth client: - **Application type**: `Web application` - **Name**: `NetBird` - - Leave redirect URIs empty for now -7. Click **Create** -8. Note the **Client ID** and **Client Secret** + - Leave redirect URIs empty for now (you'll add this in Step 3) -### Step 2: Add Identity Provider in NetBird +7. **Don't click Create yet** — keep this tab open and proceed to Step 2 -1. Log in to your NetBird Dashboard +### Step 2: Get Redirect URL from NetBird + +1. Open a new tab or window and log in to your NetBird Dashboard 2. Navigate to **Settings** → **Identity Providers** 3. Click **Add Identity Provider** 4. Fill in the fields: @@ -42,22 +47,44 @@ Add Google as an external IdP directly in the NetBird Management Dashboard. This |-------|-------| | Type | Google | | Name | Google (or your preferred display name) | -| Client ID | From Google Cloud Console | -| Client Secret | From Google Cloud Console | +| Client ID | From Google Cloud Console (will fill after Step 3) | +| Client Secret | From Google Cloud Console (will fill after Step 3) | -5. Don't click **Add Provider** yet, copy your Redirect URL for the next step. +5. **Copy the Redirect URL** that NetBird displays (but don't click **Add Provider** yet) -### Step 3: Configure Redirect URI +

+ Copy redirect URL +

-NetBird displays the **Redirect URL**. Copy this URL and add it to your Google OAuth client: +### Step 3: Complete Google OAuth Client Setup -1. Return to Google Cloud Console → **Credentials** -2. Click on your OAuth client -3. Under **Authorized redirect URIs**, click **Add URI** -4. Paste the redirect URL from NetBird -5. Click **Add Provider** +1. Return to the Google Cloud Console tab +2. Under **Authorized redirect URIs**, click **Add URI** +3. Paste the redirect URL you copied from NetBird -### Step 4: Test the Connection +

+ Paste URI +

+ +4. Click **Create** +5. Note the **Client ID** and **Client Secret** — you'll need these for Step 4 + +

+ OAuth client created +

+ +### Step 4: Complete NetBird Setup + +1. Return to the NetBird tab +2. Fill in the **Client ID** and **Client Secret** from Step 3 + +

+ NetBird complete configuration +

+ +3. Click **Add Provider** + +### Step 5: Test the Connection 1. Log out of NetBird Dashboard 2. On the login page, you should see a "Google" button @@ -101,7 +128,7 @@ Beginning with NetBird version v0.23.6 and onwards, the Google Workspace IdP man 2. Select **Internal** User Type and click **Create**

- Consent screen type + Consent screen type

3. Fill in the form: @@ -115,14 +142,14 @@ Beginning with NetBird version v0.23.6 and onwards, the Google Workspace IdP man 7. Click **UPDATE**

- Consent screen scopes + Consent screen scopes

8. Click **SAVE AND CONTINUE** 9. Review the summary and click **BACK TO DASHBOARD**

- Consent screen summary + Consent screen summary

### Step 2: Create OAuth 2.0 Credentials @@ -140,13 +167,13 @@ Beginning with NetBird version v0.23.6 and onwards, the Google Workspace IdP man 4. Click **CREATE**

- OAuth client + OAuth client

5. Note **Client ID** and **Client Secret**

- OAuth client created + OAuth client created

### Step 3: Create Service Account @@ -160,7 +187,7 @@ Beginning with NetBird version v0.23.6 and onwards, the Google Workspace IdP man 5. Click **DONE**

- Create service account + Create service account

### Step 4: Create Service Account Keys @@ -169,7 +196,7 @@ Beginning with NetBird version v0.23.6 and onwards, the Google Workspace IdP man 2. Under **Service Accounts**, click **netbird** to edit

- Edit service account + Edit service account

3. Click the **Keys** tab @@ -193,7 +220,7 @@ The key file downloads automatically. Store it securely. Read about [managing se 5. Click **CONTINUE**

- New role info + New role info

6. Scroll to **Admin API privileges** and add: @@ -201,7 +228,7 @@ The key file downloads automatically. Store it securely. Read about [managing se 7. Click **CONTINUE**

- Privileges review + Privileges review

8. Click **CREATE ROLE** @@ -210,11 +237,11 @@ The key file downloads automatically. Store it securely. Read about [managing se 11. Click **ADD** then **ASSIGN ROLE**

- Assign role + Assign role

- Service account privileges + Service account privileges

12. Navigate to [Account Settings](https://admin.google.com/ac/accountsettings/profile) and note the **Customer ID** diff --git a/src/pages/selfhosted/identity-providers/managed/jumpcloud.mdx b/src/pages/selfhosted/identity-providers/managed/jumpcloud.mdx index 5201e4dd..926b598c 100644 --- a/src/pages/selfhosted/identity-providers/managed/jumpcloud.mdx +++ b/src/pages/selfhosted/identity-providers/managed/jumpcloud.mdx @@ -1,6 +1,6 @@ import {Note} from "@/components/mdx"; -# JumpCloud +# JumpCloud SSO with NetBird Self-Hosted [JumpCloud](https://jumpcloud.com/) is a cloud-based directory platform that provides identity, access, and device management. It offers single sign-on (SSO), multi-factor authentication (MFA), and centralized user management. @@ -13,26 +13,49 @@ Add JumpCloud as an external IdP directly in the NetBird Management Dashboard. T - NetBird self-hosted with embedded IdP enabled - JumpCloud account with admin permissions -### Step 1: Create OIDC Application in JumpCloud +### Step 1: Start Creating OIDC Application in JumpCloud 1. Navigate to [JumpCloud Admin Portal](https://console.jumpcloud.com/) 2. Click **SSO Applications** under **USER AUTHENTICATION** + +

+ SSO Applications +

+ 3. Click **Add New Application** → **Custom Application** + +

+ Custom Applications +

4. Confirm **Custom application** and click **Next** 5. Select **Manage Single Sign-On (SSO)** and check **Configure SSO with OIDC** + +

+ SSO with OIDC +

+ 6. Click **Next** 7. Enter **Display Label**: `NetBird` 8. Click **Next** 9. Review and click **Configure Application** 10. On the **SSO** tab, configure: - - **Client Authentication Type**: `Confidential` - - Leave redirect URIs empty for now -11. Click **Activate** -12. Note the **Client ID** and **Client Secret** + - **Redirect URIs**: `https:///oauth2/callback` (you'll verify this matches exactly in Step 3) + - **Client Authentication Type**: `Client Secret POST` + - **Login URL**: `https:///` +11. Under **Attribute Mapping**, enable: + - **Email** scope + - **Profile** scope +12. Click **Save** to save the SSO configuration +13. Click the **User Groups** tab and select at least one user group that can access NetBird +14. **Don't click Activate yet** — keep this tab open and proceed to Step 2 -### Step 2: Add Identity Provider in NetBird + +Sometimes, the JumpCloud application configuration will add duplicate attributes, like `email` and `email_verified`. Remove any duplicates if they appear. + -1. Log in to your NetBird Dashboard +### Step 2: Get Redirect URL from NetBird + +1. Open a new tab or window and log in to your NetBird Dashboard 2. Navigate to **Settings** → **Identity Providers** 3. Click **Add Identity Provider** 4. Fill in the fields: 
@@ -41,27 +64,48 @@ Add JumpCloud as an external IdP directly in the NetBird Management Dashboard. T |-------|-------| | Type | Generic OIDC | | Name | JumpCloud (or your preferred display name) | -| Client ID | From JumpCloud | -| Client Secret | From JumpCloud | -| Issuer | `https://oauth.id.jumpcloud.com` | +| Client ID | From JumpCloud application (will fill after Step 3) | +| Client Secret | From JumpCloud application (will fill after Step 3) | +| Issuer | `https://oauth.id.jumpcloud.com/` **(must include trailing slash)** | -5. Don't click **Add Provider** yet, copy your Redirect URL for the next step. + +**Important:** The Issuer must be exactly `https://oauth.id.jumpcloud.com/` (with trailing slash) to match what JumpCloud returns. If you enter it without the trailing slash, the connector will fail to initialize. See the ["Issuer did not match" troubleshooting section](#issuer-did-not-match-or-unauthenticated-error) for how to fix this if you encounter this error. + -### Step 3: Configure Redirect URI +5. **Copy the Redirect URL** that NetBird displays (but don't click **Add Provider** yet) -NetBird displays the **Redirect URL**. Copy this URL and add it to your JumpCloud application: +

+ Copy redirect URL +

-1. Return to JumpCloud Admin → **SSO Applications** → **NetBird** +### Step 3: Complete JumpCloud Application Setup + +1. Return to the JumpCloud tab 2. Click the **SSO** tab -3. Under **Redirect URIs**, add the redirect URL from NetBird -4. Click **Save** -5. Click **Add Provider** in NetBird +3. Under **Redirect URIs**, verify the redirect URL matches the exact URL you copied from NetBird (e.g., `https://netbird.hopkins.sh/oauth2/callback`). If it doesn't match exactly, update it to match. +4. Click **Save** (if you made any changes) -### Step 4: Assign User Groups +

+ Configure JumpCloud SSO +

-1. Click the **User Groups** tab -2. Select the user groups that can access NetBird -3. Click **Save** +5. Click **Activate** +6. Note the **Client ID** and **Client Secret** — you'll need these for Step 4 + +

+ Client IDs +

+ +### Step 4: Complete NetBird Setup + +1. Return to the NetBird tab +2. Fill in the **Client ID** and **Client Secret** from Step 3 + +

+ JumpCloud configuration +

+ +3. Click **Add Provider** ### Step 5: Test the Connection @@ -90,33 +134,33 @@ For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) i 3. Click **Add New Application** → **Custom Application**

- New SSO app + New SSO app

4. Confirm **Custom application** selected and click **Next**

- Confirm selection + Confirm selection

5. Select **Manage Single Sign-On (SSO)** and check **Configure SSO with OIDC** 6. Click **Next**

- SSO features + SSO features

7. Enter **Display Label**: `NetBird` 8. Click **Next**

- General info + General info

9. Review and click **Configure Application**

- Confirmation + Confirmation

10. On the **SSO** tab, configure: @@ -128,26 +172,26 @@ For most deployments, the [embedded IdP](/selfhosted/identity-providers/local) i - **Login URL**: `https://`

- SSO configuration + SSO configuration

11. Under **Attribute Mapping (optional)**: - **Standard Scopes**: `Email`, `Profile`

- Attribute configuration + Attribute configuration

12. Click **User Groups** tab and select groups that can access the application

- User groups + User groups

13. Click **Activate**

- OIDC app + OIDC app

14. Note the **Client ID** @@ -170,7 +214,7 @@ If you already have an integration user, confirm it has the required role and sk 4. Click **Save**

- Add admin user + Add admin user

@@ -185,14 +229,14 @@ If you already have an integration user, confirm it has the required role and sk 2. Click the account initials (top-right) → **My API Key**

- Profile + Profile

3. If no key exists, click **Generate New API Key** 4. Copy the API token

- API key generation + API key generation

### Step 4: Configure NetBird 
@@ -225,6 +269,86 @@ You've configured all required resources in JumpCloud. Continue with the [NetBir ## Troubleshooting +### "Issuer did not match" or "Unauthenticated" error + +If you see an error like: + +``` +FATL ... oidc: issuer did not match the issuer returned by provider, expected "https://oauth.id.jumpcloud.com" got "https://oauth.id.jumpcloud.com/" +``` + +This means there's a trailing slash mismatch in the Issuer URL. OIDC validation is strictly character-for-character. + +**The Cause:** +- **Configured in NetBird:** `https://oauth.id.jumpcloud.com` (missing trailing slash) +- **Returned by JumpCloud:** `https://oauth.id.jumpcloud.com/` (has trailing slash) + +Because the service fails to initialize the IDP manager, the Management container will often crash or restart loop, making it impossible to fix this via the Web UI. + +**Resolution:** + +If you can still access NetBird Dashboard: +1. Navigate to **Settings** → **Identity Providers** +2. Edit the JumpCloud identity provider +3. Change the **Issuer** field to exactly `https://oauth.id.jumpcloud.com/` (with trailing slash) +4. Click **Save** +5. Restart the management container: `docker restart netbird-management` + +If you cannot access the dashboard (locked out), you must fix it directly in the SQLite database: + +1. **Locate the Volume:** + ```bash + docker volume inspect root_netbird_management + # Look for "Mountpoint", e.g., /var/lib/docker/volumes/root_netbird_management/_data + ``` + +2. **Access the Database:** + ```bash + cd /var/lib/docker/volumes/root_netbird_management/_data + + # Backup the database first! + cp idp.db idp.db.bak + + # Open the database + sqlite3 idp.db + ``` + +3. 
**Update the Issuer URL:** + Inside the SQLite prompt, run the following: + ```sql + -- Check current config to confirm missing slash + SELECT config FROM connector; + + -- Update the config to add trailing slash to match JumpCloud + UPDATE connector + SET config = replace(config, 'jumpcloud.com"', 'jumpcloud.com/"') + WHERE config LIKE '%jumpcloud.com"%'; + + -- Verify the change + SELECT config FROM connector; + + -- Exit + .quit + ``` + +4. **Restart Service:** + ```bash + docker restart netbird-management + ``` + +The service should now start successfully, and the error should be resolved. + + +### "Connector failed to initialize" error + +- Ensure **Attribute Mapping** has both **Email** and **Profile** scopes enabled +- Verify at least one **User Group** is assigned to the application before activation +- Check that **Redirect URIs** exactly matches the URL from NetBird (no trailing slashes) +- Ensure **Client Authentication Type** is set to `Client Secret POST` +- Verify **Login URL** matches your NetBird domain exactly +- Make sure the application is **Activated** and you have the correct **Client ID** and **Client Secret** +- Remove any duplicate attributes in **Attribute Mapping** (e.g., `email` and `email_verified`) + ### "Invalid redirect URI" error - Ensure all redirect URIs are configured in JumpCloud diff --git a/src/pages/selfhosted/identity-providers/managed/microsoft-entra-id.mdx b/src/pages/selfhosted/identity-providers/managed/microsoft-entra-id.mdx index f55b01f4..38e9ea4a 100644 --- a/src/pages/selfhosted/identity-providers/managed/microsoft-entra-id.mdx +++ b/src/pages/selfhosted/identity-providers/managed/microsoft-entra-id.mdx @@ -1,6 +1,6 @@ import {Note} from "@/components/mdx"; -# Microsoft Entra ID +# Microsoft and Entra ID SSO with NetBird Self-Hosted Use Microsoft accounts for authentication with NetBird. This supports both personal Microsoft accounts and Microsoft Entra ID (formerly Azure AD) for work and school accounts. 
@@ -18,10 +18,15 @@ Add Microsoft as an external IdP directly in the NetBird Management Dashboard. C - NetBird self-hosted with embedded IdP enabled - Access the [Entra Admin Center](https://entra.microsoft.com/) -### Step 1: Create App Registration +### Step 1: Start Creating App Registration 1. Navigate to [Entra Admin Center](https://entra.microsoft.com/)) 2. Click **App registrations** → **New registration** + +

+ New registration +

+ 3. Fill in: - **Name**: `NetBird` - **Supported account types**: Choose based on your needs: @@ -29,21 +34,13 @@ Add Microsoft as an external IdP directly in the NetBird Management Dashboard. C - *Multi-tenant (any Entra ID organization)*: `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)` - *Multi-tenant with personal accounts*: `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)` - *Personal accounts only*: `Personal Microsoft accounts only` - - **Redirect URI**: Leave empty for now -4. Click **Register** -5. Note the **Application (client) ID** and **Directory (tenant) ID** + - **Redirect URI**: Leave empty for now (you'll add this in Step 4) -### Step 2: Create Client Secret +4. **Don't click Register yet** — keep this tab open and proceed to Step 2 -1. Go to **Certificates & secrets** -2. Click **New client secret** -3. Add a description and expiration -4. Click **Add** -5. Copy the **Value** immediately (it won't be shown again) +### Step 2: Get Redirect URL from NetBird -### Step 3: Add Identity Provider in NetBird - -1. Log in to your NetBird Dashboard +1. Open a new tab or window and log in to your NetBird Dashboard 2. Navigate to **Settings** → **Identity Providers** 3. Click **Add Identity Provider** 4. Fill in the fields: @@ -54,8 +51,8 @@ Add Microsoft as an external IdP directly in the NetBird Management Dashboard. C |-------|-------| | Type | Microsoft | | Name | Microsoft (or your preferred display name) | -| Client ID | Application (client) ID from Azure | -| Client Secret | Secret value from Azure | +| Client ID | From Azure app registration (will fill after Step 3) | +| Client Secret | From Azure app registration (will fill after Step 5) | **For Microsoft Entra ID (Work/School):** 
@@ -63,28 +60,72 @@ Add Microsoft as an external IdP directly in the NetBird Management Dashboard. C |-------|-------| | Type | Microsoft Entra ID | | Name | Microsoft Work (or your preferred display name) | -| Client ID | Application (client) ID from Azure | -| Client Secret | Secret value from Azure | -| Tenant ID | Directory (tenant) ID from Azure | +| Issuer URL | From Azure app registration (will fill after Step 3) | +| Client ID | From Azure app registration (will fill after Step 3) | +| Client Secret | From Azure app registration (will fill after Step 5) | -Microsoft doesn't require an Issuer URL—it's determined automatically. +**Issuer URL format:** `https://login.microsoftonline.com/{tenant-id}/v2.0` where `{tenant-id}` is your Directory (tenant) ID from Azure. -5. Don't click **Add Provider** yet, copy your Redirect URL for the next step. +5. **Copy the Redirect URL** that NetBird displays (but don't click **Add Provider** yet) + +

+ Copy URL redirect +

+ +### Step 3: Complete App Registration + +1. Return to the Entra Admin Center tab +2. Click **Register** +3. Note the **Application (client) ID** and **Directory (tenant) ID** — you'll need these for Step 6 +4. Construct the **Issuer URL** using the format: `https://login.microsoftonline.com/{tenant-id}/v2.0` (replace `{tenant-id}` with your Directory (tenant) ID) ### Step 4: Configure Redirect URI -NetBird displays the **Redirect URL**. Copy this URL and add it to your Azure app: +1. Still in the Entra Admin Center tab, go to **Authentication** +2. Click **Add a platform** → **Web** +3. In the dropdown next to the redirect URI field, select **Web** +4. Paste the redirect URL you copied from NetBird in the **Redirect URI** field + +

+ Select web and paste URI +

-1. Return to Azure Portal → Your app registration -2. Go to **Authentication** -3. Click **Add a platform** → **Web application** -4. Add the redirect URL from NetBird 5. Click **Configure** -6. Click **Add Provider** in NetBird -### Step 5: Test the Connection +### Step 5: Create Client Secret + +1. Go to **Certificates & secrets** +2. Click **New client secret** + +

+ New client secret +

+ +3. Add a description and expiration +4. Click **Add** +5. Copy the **Value** immediately (it won't be shown again) — you'll need this for Step 6 + +

+ Copy secret +

+ +### Step 6: Complete NetBird Setup + +1. Return to the NetBird tab +2. Fill in the fields: + - **Client ID**: Paste the **Application (client) ID** from Step 3 + - **Client Secret**: Paste the **Value** from Step 5 + - **Issuer URL**: Paste the **Issuer URL** you constructed in Step 3 (for Entra ID only) + +

+ NetBird config filled +

+ +3. Click **Add Provider** + +### Step 7: Test the Connection 1. Log out of NetBird Dashboard 2. On the login page, you should see the Microsoft button @@ -120,7 +161,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 5. After registration, note the **Application (client) ID** from the Overview page (you'll need this in Step 3)

- New application + New application

### Step 2: Configure Platform Settings @@ -129,13 +170,13 @@ If you prefer to have full control over authentication, consider self-hosted alt 2. Under **Single-page application**, add another URI: `https:///auth`

- SPA URI setup + SPA URI setup

3. Scroll down and configure options as shown:

- Flows setup + Flows setup

4. Click **Add a Platform** → **Mobile and desktop applications** @@ -152,7 +193,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 5. Click **Add scope**

- Add scope + Add scope

6. Under **Authorized client applications**, click **+ Add a client application** @@ -160,7 +201,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 8. Click **Add application**

- Add application scope + Add application scope

### Step 4: Add API Permissions @@ -170,7 +211,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 3. Select **My APIs** tab → **Netbird** → check `api` permission → **Add permissions**

- NetBird API permissions + NetBird API permissions

4. Click **Add a permission** again @@ -179,13 +220,13 @@ If you prefer to have full control over authentication, consider self-hosted alt 7. Click **Add permissions**

- OpenID permissions + OpenID permissions

8. Click **Grant admin consent for Default Directory** → **Yes**

- Grant admin consent + Grant admin consent

### Step 5: Update Token Version @@ -204,7 +245,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 5. Copy the **Value** immediately

- Client secret + Client secret

6. Click **Overview** and note: diff --git a/src/pages/selfhosted/identity-providers/managed/okta.mdx b/src/pages/selfhosted/identity-providers/managed/okta.mdx index 3d945834..7d08d915 100644 --- a/src/pages/selfhosted/identity-providers/managed/okta.mdx +++ b/src/pages/selfhosted/identity-providers/managed/okta.mdx @@ -1,6 +1,6 @@ import {Note} from "@/components/mdx"; -# Okta +# Okta SSO with NetBird Self-Hosted [Okta](https://www.okta.com/) is a cloud-based identity and access management service for enterprise use, providing single sign-on, multi-factor authentication, and lifecycle management. @@ -18,9 +18,19 @@ Add Okta as an external IdP directly in the NetBird Management Dashboard. This i 1. Navigate to Okta Admin Dashboard 2. Click **Applications** → **Applications** 3. Click **Create App Integration** + +

+ Create app integration +

+ 4. Select: - **Sign-in method**: `OIDC - OpenID Connect` - **Application type**: `Web Application` + +

+ OIDC Web Application +

+ 5. Click **Next** 6. Fill in: - **App integration name**: `NetBird` @@ -30,6 +40,11 @@ Add Okta as an external IdP directly in the NetBird Management Dashboard. This i - **Allow everyone in your organization to access** (recommended for testing) - **Limit access to selected groups** (for production) - **Skip group assignment for now** (assign later) + +

+ Assignments +

+ 8. **Don't click Save yet** — keep this tab open and proceed to Step 2 ### Step 2: Get Redirect URL from NetBird @@ -49,20 +64,38 @@ Add Okta as an external IdP directly in the NetBird Management Dashboard. This i 5. **Copy the Redirect URL** that NetBird displays (but don't click **Add Provider** yet) +

+ Copy redirect URL +

+ ### Step 3: Complete Okta Application Setup 1. Return to the Okta tab 2. In the **Sign-in redirect URIs** field, paste the redirect URL you copied from NetBird + +

+ Sign-in redirect URIs +

+ 3. Click **Save** 4. Note the **Client ID** and **Client Secret** — you'll need these for Step 4 +

+ Client ID +

+ ### Step 4: Complete NetBird Setup 1. Return to the NetBird tab 2. Fill in the **Client ID** and **Client Secret** from Step 3 + +

+ Complete configuration +

+ 3. Click **Add Provider** -### Step 4: Test the Connection +### Step 5: Test the Connection 1. Log out of NetBird Dashboard 2. On the login page, you should see an "Okta" button @@ -97,7 +130,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 5. Click **Next**

- New SPA application + New SPA application

6. Fill in: @@ -111,7 +144,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 7. Click **Save**

- SPA application config + SPA application config

8. Note the **Client ID** @@ -120,7 +153,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 11. Click **Save**

- Sign-on configuration + Sign-on configuration

### Step 2: Create Native Application (for Device Auth) @@ -133,7 +166,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 4. Click **Next**

- New native application + New native application

5. Fill in: @@ -142,7 +175,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 6. Click **Save**

- Native application config + Native application config

7. Note the **Client ID** (for device auth) @@ -151,7 +184,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 10. Click **Save**

- Native sign-on configuration + Native sign-on configuration

### Step 3: Generate API Token @@ -165,7 +198,7 @@ If you prefer to have full control over authentication, consider self-hosted alt 6. Copy the token value and click **OK, got it**

- Generate token + Generate token

### Step 4: Configure NetBird
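Review bot: in okta.mdx, hunk `@@ -49,20 +64,38 @@`, the new image captioned "Client ID" sits directly under "Note the **Client ID** and **Client Secret**", so the screenshot needs checking for a readable secret value before merge. A docs image is public and stays in git history even if it is replaced later. Please confirm the secret is masked or belongs to an application that has since been deleted. The same hunk renames the second `### Step 4` to `### Step 5: Test the Connection`, which fixes the duplicate step number. If the site derives anchors from heading text, any existing link to the old heading will stop resolving, so a quick search for inbound links is worthwhile.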
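Review bot: in okta.mdx Step 1, hunks `@@ -18,9 +18,19 @@` and `@@ -30,6 +40,11 @@`, the added image blocks are placed between numbered items (after item 3, after the bullets of item 4, and just before item 8). If those blocks are not indented to the list's content column, Markdown closes the ordered list at each image and starts a new one, which changes spacing and list semantics and, in some renderers, the numbering. Indentation is not visible in this view, so please check the rendered page reads as one continuous list from 1 to 8, or indent each image block under the item it illustrates.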
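Review bot: in the single-line image hunks (for example "Add scope", "NetBird API permissions", "Client secret", "New SPA application", "Generate token"), the removed and added lines show identical caption text, so the actual change is in image markup that this view does not display. If these are path updates, each new path should be verified against a file that exists in the tree, because a broken image in a setup step fails silently for the reader. For the "Client secret" and "Generate token" images specifically, please also confirm the screenshots do not show a usable secret or token value.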