Add single-account mode doc

docs/getting-started/self-hosting.md

@@ -87,7 +87,18 @@ Pick the one that suits your needs, follow the steps, and continue with this gui
 - Continue with [Auth0](/integrations/identity-providers/self-hosted/using-netbird-with-auth0) (managed service).
 - Continue with [Keycloak](/integrations/identity-providers/self-hosted/using-netbird-with-keycloak).
 
-### Step 4: Run configuration script
+### Step 4: Disable single account mode (optional)
+
+NetBird Management service runs in a single account mode by default since version v0.10.1. 
+Management service was creating a separate account for each registered user before v0.10.1. 
+Single account mode ensures that all the users signing up for your self-hosted installation will join the same account/network.
+In most cases, this is the desired behavior. 
+
+If you want to disable the single-account mode, set `--disable-single-account-mode` flag in the 
+[docker-compose.yml.tmpl](https://github.com/netbirdio/netbird/tree/main/infrastructure_files/docker-compose.yml.tmpl) 
+`command` section of the `management` service.
+
+### Step 5: Run configuration script
 Make sure all the required properties set in the ```setup.env``` file and run:
 
  ```bash

docs/integrations/identity-providers/self-hosted/keycloak.md

@@ -157,59 +157,7 @@ In this step, we will create and configure the NetBird client audience for Keycl
 
 ![](/img/integrations/identity-providers/self-hosted/keycloack-add-client-scope.png)
 
-### Step 8: Ensure that all users will join the same NetBird network (Optional)
+### Step 8: Continue with the self-hosting guide
-
-In this step, we will configure custom JWT claims that will be included in every generated token.
-This step is necessary if you want every user created via Keycloak to join the same NetBird network.
-Otherwise, every user will have a separate account and network.
-
-- Open the Keycloak Admin Console
-- Make sure, that the selected realm is `Netbird`
-- Click `Client scopes` (left-hand menu)
-- Click `Create client scope` button
-- Fill in the form with the following values:
-  - Name: `Domain Token Claims`
-  - Type: `Default`
-  - Protocol: `OpenID Connect`
-- Click `Save`
-
-![](/img/integrations/identity-providers/self-hosted/keycloak-domain-token-claim-scope.png)
-
-- While in the newly created Client Scope, switch to the `Mappers` tab
-- Click `Configure a new mapper`
-- Choose the `Hardcoded claim` mapping
-
-![](/img/integrations/identity-providers/self-hosted/keycloack-domain-token-claim-mapper.png)
-
-- Fill in the form with the following values:
-  - Name: `domain`
-  - Token Claim Name: `netbird-clientwt_account_domain`. This is not a typo. The name is a concat of `NETBIRD_AUTH_AUDIENCE` and a `wt_account_domain` string
-  - Claim value: `<YOUR DOMAIN>`. E.g. `netbird.io`
-  - Click `Save`
-
-![](/img/integrations/identity-providers/self-hosted/keycloack-domain-token-claim-mapper-domain.png)
-
-- Repeat the same operation and add a new mapper
-- Fill in the form with the following values:
-  - Name: `domain_category`
-  - Token Claim Name: `netbird-clientwt_account_domain_category`. This is not a typo. The name is a concat of `NETBIRD_AUTH_AUDIENCE` and a `wt_account_domain_category` string
-  - Claim value: `private`
-  - Click `Save`
-
-![](/img/integrations/identity-providers/self-hosted/keycloack-domain-token-claim-mapper-domain-category.png)
-
-- Open the Keycloak Admin Console
-- Make sure, that the selected realm is `Netbird`
-- Click `Clients`
-- Choose `netbird-client` from the list
-- Switch to `Client scopes` tab
-- Click `Add client scope` button
-- Choose `Domain_Token_Claims`
-- CLick `Add` choosing `Default`
-
-![](/img/integrations/identity-providers/self-hosted/keycloack-domain-token-claims-client.png)
-
-### Step 9: Continue with the self-hosting guide
 
 Your authority OIDC configuration will be available under:
 ```