GITBOOK-285: change request with no subject merged in GitBook

defguard-community · gitbook-bot · commit 264efaa0c5c3 · 2024-11-15T11:00:03.000Z
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ This approach is vastly different from most (if not all) VPN/IdP solutions, whic
 
 Incorporating IDM, ALM, VPN has also other advantages:
 
-1. Internal IdP with 2FA/MFA enables us to provide [**real VPN 2FA/MFA**](admin-and-features/features-and-configuration/wireguard/multi-factor-authentication-mfa-2fa/architecture.md) - and not like most applications just 2FA when opening the app (and not during the connection process). Even if you use [external OIDC](enterprise/external-openid-providers.md) (Google/Microsoft/Custom - which defguard supports), we still use our internal IdP for 2FA/MFA.
+1. Internal IdP with 2FA/MFA enables us to provide [**real VPN 2FA/MFA**](admin-and-features/features-and-configuration/wireguard/multi-factor-authentication-mfa-2fa/architecture.md) - and not like most applications just 2FA when opening the app (and not during the connection process). Even if you use [external OIDC](enterprise/all-enteprise-features/external-openid-providers.md) (Google/Microsoft/Custom - which defguard supports), we still use our internal IdP for 2FA/MFA.
 2. Your organisation may use just **one account** (login) for access control to all your applications as well as VPN.
 3. It simplifies deployment, maintenance, audits.
 
diff --git a/SUMMARY.md b/SUMMARY.md
@@ -65,10 +65,10 @@
 ## Enterprise Features <a href="#enterprise" id="enterprise"></a>
 
 * [License](enterprise/license.md)
-* [All enteprise features](enterprise/all-enteprise-features.md)
-* [Automatic (real time) desktop client configuration & sync](enterprise/automatic-real-time-desktop-client-configuration.md)
-* [External OpenID providers](enterprise/external-openid-providers.md)
-* [VPN & Client behavior customization](enterprise/behavior-customization.md)
+* [Enteprise features](enterprise/all-enteprise-features/README.md)
+  * [Automatic (real time) desktop client configuration & sync](enterprise/all-enteprise-features/automatic-real-time-desktop-client-configuration.md)
+  * [External OpenID providers](enterprise/all-enteprise-features/external-openid-providers.md)
+  * [VPN & Client behavior customization](enterprise/all-enteprise-features/behavior-customization.md)
 
 ## Tutorials
 
diff --git a/enterprise/all-enteprise-features/README.md b/enterprise/all-enteprise-features/README.md
diff --git a/enterprise/all-enteprise-features/automatic-real-time-desktop-client-configuration.md b/enterprise/all-enteprise-features/automatic-real-time-desktop-client-configuration.md
@@ -1,3 +1,7 @@
+---
+icon: rotate-exclamation
+---
+
 # Automatic (real time) desktop client configuration & sync
 
 When initially configuring defguard desktop client all available locations for the user (with all location settings) is automatically configured (which is one of defguard's uniqe functionalities).
@@ -6,10 +10,10 @@ In the course of time: new locations can be added by administrators, existing on
 
 In order to reconfigure users desktop client the administrator has two possibilities:
 
-1. If using the **Open Source Open Core** - the administrator needs to send a new configuration token to each user affected, and the user needs to [Update the instance](../help/configuring-vpn/add-new-instance/update-instance.md) in the desktop client with the new obtained token.
+1. If using the **Open Source Open Core** - the administrator needs to send a new configuration token to each user affected, and the user needs to [Update the instance](../../help/configuring-vpn/add-new-instance/update-instance.md) in the desktop client with the new obtained token.
 2. Obtain the **Enterprise License**, then each users desktop client (and all Locations) are **reconfigured automatically, real time** (propagation takes around 30 seconds to 1 minute) each time any VPN Location is reconfigured or the user is assigned to a different group.&#x20;
 
 {% hint style="warning" %}
-If you have been using defguard prior to version 1.0.0, upgraded and have Enterprise License, to take advantage of the real-time config sync on an already configured desktop client, [please refer to Upgrade notes documentation.](../features/setting-up-your-instance/upgrading.md#desktop-client-real-time-sync)
+If you have been using defguard prior to version 1.0.0, upgraded and have Enterprise License, to take advantage of the real-time config sync on an already configured desktop client, [please refer to Upgrade notes documentation.](../../features/setting-up-your-instance/upgrading.md#desktop-client-real-time-sync)
 {% endhint %}
 
diff --git a/enterprise/all-enteprise-features/behavior-customization.md b/enterprise/all-enteprise-features/behavior-customization.md
@@ -1,8 +1,12 @@
+---
+icon: sliders
+---
+
 # VPN & Client behavior customization
 
 After purchasing the Enterprise License the _Enterprise features_ **tab will be activated**, enabling the administrator to configure additional features:
 
-<figure><img src="../.gitbook/assets/Enterprise Features.png" alt=""><figcaption><p>Additional Enterprise Features</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/Enterprise Features.png" alt=""><figcaption><p>Additional Enterprise Features</p></figcaption></figure>
 
 ### Disable for users to manage their devices
 
@@ -14,7 +18,7 @@ If '_Disable users' ability to manually configure WireGuard client_' option is *
 
 This option will not be available for users:
 
-<figure><img src="../.gitbook/assets/Screenshot 2024-10-14 at 12.44.15.png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../.gitbook/assets/Screenshot 2024-10-14 at 12.44.15.png" alt=""><figcaption></figcaption></figure>
 
 {% hint style="danger" %}
 Please note that defguard has only **desktop clients** and **no official mobile** client, thus when using this option users **will not be able to configure their mobile WireGuard clients.**
@@ -24,7 +28,7 @@ Please note that defguard has only **desktop clients** and **no official mobile*
 
 Of of defguard desktop client uniqe features is the possibility for the user to automatically route **All network traffic** from their device **through the connected VPN Location**, when the user checks _All traffic_ option_**:**_
 
-&#x20;![](<../.gitbook/assets/Screenshot 2024-10-14 at 12.49.30.png>)
+&#x20;![](<../../.gitbook/assets/Screenshot 2024-10-14 at 12.49.30.png>)
 
 But there are scenarios that administrator would like that users have only access to the **Predefined traffic** (meaning Allowed IPs in the Network VPN configuration) and the possibility to access all networks disabled.
 
diff --git a/enterprise/all-enteprise-features/external-openid-providers.md b/enterprise/all-enteprise-features/external-openid-providers.md
@@ -1,6 +1,10 @@
+---
+icon: up-right-from-square
+---
+
 # External OpenID providers
 
-Defguard, [apart from being an identity provider itself](../admin-and-features/features-and-configuration/openid-connect/), supports logging in through external OpenID providers. Currently, there are two built in providers (Google and Microsoft) but there is also an option to specify a custom provider.
+Defguard, [apart from being an identity provider itself](../../admin-and-features/features-and-configuration/openid-connect/), supports logging in through external OpenID providers. Currently, there are two built in providers (Google and Microsoft) but there is also an option to specify a custom provider.
 
 ### Prerequisites
 
@@ -29,7 +33,7 @@ This is an optional value required only if you are using Microsoft as your provi
 
 In order to configure the external OpenID provider login, go to the settings in the Defguard admin dashboard.
 
-<figure><img src="../.gitbook/assets/image (29).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../.gitbook/assets/image (29).png" alt=""><figcaption></figcaption></figure>
 
 Everything related to the external OpenID configuration can be found in the OpenID tab of the settings page. First thing to do here would be to pick your provider using the dropdown menu under the "Provider" label. Next, fill out the required information with values acquired from your provider. If you picked "Microsoft" or "Custom", make sure to also make corresponding changes in the "Base URL" field. After you are done, click "Save changes" to keep your changes.&#x20;
 
@@ -44,37 +48,37 @@ You may have also noticed the checkbox option on the right. By default, when a n
 1. The Google OpenID connect can be configured in the [Google Cloud Console](https://console.cloud.google.com)
 2.  If you don't have any project setup already (or you want to create a new one for this purpose), create it by clicking the dropdown menu here:
 
-    <figure><img src="../.gitbook/assets/image (31).png" alt="" width="312"><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/image (31).png" alt="" width="312"><figcaption></figcaption></figure>
 
     If you already have project, make sure to select it in the above dropdown menu.
 3. Now, navigate to [`APIs & Services`](https://console.cloud.google.com/apis)&#x20;
 4. We will focus on the consent screen first, select `OAuth consent screen`
 5.  &#x20;Pick the User Type according to your needs, this example will focus on the internal type
 
-    <figure><img src="../.gitbook/assets/image (32).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/image (32).png" alt=""><figcaption></figcaption></figure>
 
 
 6. Fill in all required details. Make sure to fill the correct domain. This should be the top domain under which your Defguard dashboard can be accessed, not the subdomain (e.g. `defguard.example.com` -> `example.com`).&#x20;
 7.  On the scopes config screen, click `ADD OR REMOVE SCOPES`, Defguard requires at least the following scopes:
 
-    <figure><img src="../.gitbook/assets/image (34).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/image (34).png" alt=""><figcaption></figcaption></figure>
 
 
 8. Proceed until the end and return to the OAuth consent screen dashboard.
 9.  Now, go to [`Credentials`](https://console.cloud.google.com/apis/credentials), click `CREATE CREDENTIALS` and choose `OAuth client ID`&#x20;
 
-    <figure><img src="../.gitbook/assets/image (35).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/image (35).png" alt=""><figcaption></figcaption></figure>
 
 
 10. On the next screen, fill out all required information:\
 
 
-    <figure><img src="../.gitbook/assets/obraz (3).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/obraz (3).png" alt=""><figcaption></figcaption></figure>
 
     Make sure to select "Web application" as the application type. The other thing to note here is the redirect URI. It is the URI to which the user will be redirected from the external provider's authorization. This URI is in the form of `<DEFGUARD_DASHBOARD_URL>/auth/callback`. Replace `<DEFGUARD_DASHBOARD_URL>` with the URL under which your dashboard is accessible, e.g. `https://defguard.example.com`.
 11. After you proceed further, you will be presented with a popup containing your `Client ID` and `Client Secret`, copy them and paste on the Defguard OpenID configuration page.
 
-    <figure><img src="../.gitbook/assets/settings.png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/settings.png" alt=""><figcaption></figcaption></figure>
 
 #### Microsoft
 
@@ -84,46 +88,46 @@ You may have also noticed the checkbox option on the right. By default, when a n
     \
 
 
-    <figure><img src="../.gitbook/assets/obraz (4).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/obraz (4).png" alt=""><figcaption></figcaption></figure>
 
 
 4. Click "Make new registration"
 5.  Fill out the form, like in the example:\
 
 
-    <figure><img src="../.gitbook/assets/obraz (5).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/obraz (5).png" alt=""><figcaption></figcaption></figure>
 
     Make sure the Redirect URL you insert here is correct. Replace `defguard.example.com` with the domain you use for your Defguard dashboard.
 6.  You should be now on the registered application's management screen. You can copy the client's ID and the tenant ID from here, as you need to provide them on the Defguard settings' page.\
 
 
-    <figure><img src="../.gitbook/assets/Zrzut ekranu 2024-10-18 o 16.13.54.png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/Zrzut ekranu 2024-10-18 o 16.13.54.png" alt=""><figcaption></figcaption></figure>
 7. Go to Defguard settings, click the OpenID tab and paste the copied client ID. The tenant ID should be inserted instead of the `<TENANT_ID>` placeholder in the base URL field.
 8.  &#x20;Now back in Microsoft Entra ID, still in your newly created application, go to Certificates and Secrets\
     \
 
 
-    <figure><img src="../.gitbook/assets/obraz (8).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/obraz (8).png" alt=""><figcaption></figcaption></figure>
 
 
 9. Click Client secrets and create a new client secret. Copy its **value** and paste it in your Defguard OpenID settings.
 10. Go to Token configuration (in the menu on the left) and add a new optional token claim.
 11. Make sure to select the ID token type and the following claims:\
 
 
-    <figure><img src="../.gitbook/assets/obraz (9).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/obraz (9).png" alt=""><figcaption></figcaption></figure>
 
 
 12. Accept the popup or configure the API permissions manually.\
 
 
-    <figure><img src="../.gitbook/assets/obraz (10).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/obraz (10).png" alt=""><figcaption></figcaption></figure>
 
 
 13. Go to Authentication (again, it's in the menu on the left, still in the registered App settings) and enable the ID tokens field\
 
 
-    <figure><img src="../.gitbook/assets/obraz (11).png" alt=""><figcaption></figcaption></figure>
+    <figure><img src="../../.gitbook/assets/obraz (11).png" alt=""><figcaption></figcaption></figure>
 
 
 14. Now you should be good to go. A new login button should appear on the login screen.
diff --git a/enterprise/license.md b/enterprise/license.md
@@ -4,7 +4,7 @@ icon: file-certificate
 
 # License
 
-Defguard Enterprise offers a lot of functionalities that are not offered in the Open Source Open Core, like external OpenID Connect support, automatic\&real time desktop client synchronization and configuration, and much more (go to [All Enterprise Features](all-enteprise-features.md) to see more). In order to activate those features an Enterprise License must be obtained.
+Defguard Enterprise offers a lot of functionalities that are not offered in the Open Source Open Core, like external OpenID Connect support, automatic\&real time desktop client synchronization and configuration, and much more (go to [All Enterprise Features](all-enteprise-features/) to see more). In order to activate those features an Enterprise License must be obtained.
 
 {% hint style="info" %}
 From release 1.1.0 (to be released mid Nov 2024) **all enterprise features up to the following limits are free and no license is required!**
diff --git a/features/setting-up-your-instance/upgrading.md b/features/setting-up-your-instance/upgrading.md
@@ -23,7 +23,7 @@ If you have duplicate emails in your database, the migrations during the upgrade
 
 ### Desktop Client Real Time Sync
 
-From 1.0.0 we have introduced [Enterprise features](../../enterprise/all-enteprise-features.md),  and one of them is [automatic and real-time desktop client configuration synchronisation](../../enterprise/automatic-real-time-desktop-client-configuration.md).
+From 1.0.0 we have introduced [Enterprise features](../../enterprise/all-enteprise-features/),  and one of them is [automatic and real-time desktop client configuration synchronisation](../../enterprise/all-enteprise-features/automatic-real-time-desktop-client-configuration.md).
 
 To enable this on an **already configured desktop client** one must perform one time instance update, which will generate necessary tokens on the client to perform from now on automatic updates. In details:
 
diff --git a/help/configuring-vpn/add-new-instance/update-instance.md b/help/configuring-vpn/add-new-instance/update-instance.md
@@ -11,7 +11,7 @@ If you are looking for how to generate tokens for your users as an Administrator
 {% endhint %}
 
 {% hint style="warning" %}
-Updating the desktop client instance manually is only done if you are using defguard Open Source Open Core, if you have an Enterprise License, all desktop clients and all instances are [synchronized automatically and in real-time.](../../../enterprise/automatic-real-time-desktop-client-configuration.md)
+Updating the desktop client instance manually is only done if you are using defguard Open Source Open Core, if you have an Enterprise License, all desktop clients and all instances are [synchronized automatically and in real-time.](../../../enterprise/all-enteprise-features/automatic-real-time-desktop-client-configuration.md)
 {% endhint %}
 
 ## Why do instances need updates?
