GITBOOK-284: change request with no subject merged in GitBook

Author: defguard-community

README.md

@@ -6,8 +6,8 @@
 
 Defguard is a **comprehensive Remote Access Management solution** incorporating in one solution:
 
-* Remote Access secured by [WireGuard® VPN with 2FA/Multi-Factor Authentication](features/wireguard/),
-* Identity Management with [SSO based on OpenID Identity Provider](features/openid-connect/),
+* Remote Access secured by [WireGuard® VPN with 2FA/Multi-Factor Authentication](admin-and-features/features-and-configuration/wireguard/),
+* Identity Management with [SSO based on OpenID Identity Provider](admin-and-features/features-and-configuration/openid-connect/),
 * Account Lifecycle management with [secure remote account onboarding](help/enrollment.md).
 
 It's a **security platform** for building **secure** and **privacy-aware organizations,** as we put great emphasis not only on functionality but also on secure code, architecture and testing (application and security).
@@ -20,7 +20,7 @@ This approach is vastly different from most (if not all) VPN/IdP solutions, whic
 
 Incorporating IDM, ALM, VPN has also other advantages:
 
-1. Internal IdP with 2FA/MFA enables us to provide [**real VPN 2FA/MFA**](admin-and-features/wireguard/multi-factor-authentication-mfa-2fa/architecture.md) - and not like most applications just 2FA when opening the app (and not during the connection process). Even if you use [external OIDC](enterprise/external-openid-providers.md) (Google/Microsoft/Custom - which defguard supports), we still use our internal IdP for 2FA/MFA.
+1. Internal IdP with 2FA/MFA enables us to provide [**real VPN 2FA/MFA**](admin-and-features/features-and-configuration/wireguard/multi-factor-authentication-mfa-2fa/architecture.md) - and not like most applications just 2FA when opening the app (and not during the connection process). Even if you use [external OIDC](enterprise/external-openid-providers.md) (Google/Microsoft/Custom - which defguard supports), we still use our internal IdP for 2FA/MFA.
 2. Your organisation may use just **one account** (login) for access control to all your applications as well as VPN.
 3. It simplifies deployment, maintenance, audits.
 
@@ -47,7 +47,7 @@ It also means having **fundamental secure processes,** like:
 
 ### Remote Access with WireGuard® VPN 2FA/MFA:
 
-* [**Multi-Factor Authentication**](admin-and-features/wireguard/multi-factor-authentication-mfa-2fa/) using our [desktop client](https://defguard.net/client)
+* [**Multi-Factor Authentication**](admin-and-features/features-and-configuration/wireguard/multi-factor-authentication-mfa-2fa/) using our [desktop client](https://defguard.net/client)
 * **multiple VPN Locations** (networks/sites) - with defined access (all users or only Admin group)
 * multiple [Gateways](https://github.com/DefGuard/gateway) for each VPN Location (**high availability/failover**) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense
 * import your current WireGuard server configuration (with a wizard!)
@@ -100,16 +100,16 @@ Follow our handy guides to get started on the basics as quickly as possible:
 [setting-up-your-instance](features/setting-up-your-instance/)
 {% endcontent-ref %}
 
-{% content-ref url="features/wireguard/create-your-vpn-network.md" %}
-[create-your-vpn-network.md](features/wireguard/create-your-vpn-network.md)
+{% content-ref url="admin-and-features/features-and-configuration/wireguard/create-your-vpn-network.md" %}
+[create-your-vpn-network.md](admin-and-features/features-and-configuration/wireguard/create-your-vpn-network.md)
 {% endcontent-ref %}
 
-{% content-ref url="features/ldap-synchronization-setup/" %}
-[ldap-synchronization-setup](features/ldap-synchronization-setup/)
+{% content-ref url="admin-and-features/features-and-configuration/ldap-synchronization-setup/" %}
+[ldap-synchronization-setup](admin-and-features/features-and-configuration/ldap-synchronization-setup/)
 {% endcontent-ref %}
 
-{% content-ref url="community-features/webhooks.md" %}
-[webhooks.md](community-features/webhooks.md)
+{% content-ref url="admin-and-features/features-and-configuration/webhooks.md" %}
+[webhooks.md](admin-and-features/features-and-configuration/webhooks.md)
 {% endcontent-ref %}
 
 {% content-ref url="help/desktop-client.md" %}

SUMMARY.md

@@ -4,13 +4,13 @@
 
 ## User documentation (help) <a href="#help" id="help"></a>
 
-* [Enrollment & Onboarding](help/enrollment.md)
 * [Configuring VPN](help/configuring-vpn/README.md)
   * [Adding instance to defguard client](help/configuring-vpn/add-new-instance/README.md)
     * [Update instance](help/configuring-vpn/add-new-instance/update-instance.md)
   * [Adding a device manually](help/configuring-vpn/adding-wireguard-devices/README.md)
     * [Configuring manually a device for a new VPN Location](help/configuring-vpn/adding-wireguard-devices/configuring-a-device-for-a-new-vpn-location.md)
 * [Password change / Reset](help/changing-your-password.md)
+* [Enrollment & Onboarding](help/enrollment.md)
 * [Setting up 2FA/MFA](help/setting-up-2fa-mfa.md)
 * [Desktop Client](help/desktop-client.md)
 
@@ -34,32 +34,33 @@
   * [Pre-production and development releases](admin-and-features/setting-up-your-instance/pre-production-and-development-releases.md)
   * [High Availability and Failover](admin-and-features/setting-up-your-instance/high-availability-and-failover.md)
   * [Health check](features/setting-up-your-instance/health-check.md)
-* [Remote user enrollment](features/remote-user-enrollment/README.md)
-  * [User onboarding after enrollment](features/remote-user-enrollment/user-onboarding-after-enrollment.md)
-* [OpenID Connect](features/openid-connect/README.md)
-  * [Portainer](features/openid-connect/portainer.md)
-  * [Grafana setup](features/openid-connect/grafana-setup.md)
-  * [Proxmox](features/openid-connect/proxmox.md)
-  * [Matrix / Synapse](features/openid-connect/proxmox-1.md)
-  * [Django](features/openid-connect/django.md)
-  * [MinIO](features/openid-connect/minio.md)
-  * [Vault](features/openid-connect/vault.md)
-* [Wireguard](features/wireguard/README.md)
-  * [Create your VPN network](features/wireguard/create-your-vpn-network.md)
-  * [Network overview](community-features/wireguard/network-overview.md)
-  * [Executing custom gateway commands](admin-and-features/wireguard/executing-custom-gateway-commands.md)
-  * [Multi-Factor Authentication (MFA/2FA)](admin-and-features/wireguard/multi-factor-authentication-mfa-2fa/README.md)
-    * [MFA Architecture](admin-and-features/wireguard/multi-factor-authentication-mfa-2fa/architecture.md)
-  * [Remote desktop client configuration](admin-and-features/wireguard/remote-desktop-activation.md)
-  * [DNS and domains](admin-and-features/wireguard/dns-and-domains.md)
-* [SMTP for email notifications](help/setting-up-smtp-for-email-notifications.md)
-* [LDAP synchronization](features/ldap-synchronization-setup/README.md)
-  * [Configuration](features/ldap-synchronization-setup/configuration.md)
-  * [Settings table](features/ldap-synchronization-setup/settings-table.md)
-* [YubiKey Provisioning](features/yubikey-provisioning.md)
-* [Webhooks](community-features/webhooks.md)
-* [Forward auth](features/forward-auth.md)
-* [SSH Authentication](features/ssh-authentication.md)
+* [Features & configuration](admin-and-features/features-and-configuration/README.md)
+  * [VPN with 2FA/MFA](admin-and-features/features-and-configuration/wireguard/README.md)
+    * [Create your VPN network](admin-and-features/features-and-configuration/wireguard/create-your-vpn-network.md)
+    * [Network overview](admin-and-features/features-and-configuration/wireguard/network-overview.md)
+    * [Executing custom gateway commands](admin-and-features/features-and-configuration/wireguard/executing-custom-gateway-commands.md)
+    * [Multi-Factor Authentication (MFA/2FA)](admin-and-features/features-and-configuration/wireguard/multi-factor-authentication-mfa-2fa/README.md)
+      * [MFA Architecture](admin-and-features/features-and-configuration/wireguard/multi-factor-authentication-mfa-2fa/architecture.md)
+    * [Remote desktop client configuration](admin-and-features/features-and-configuration/wireguard/remote-desktop-activation.md)
+    * [DNS and domains](admin-and-features/features-and-configuration/wireguard/dns-and-domains.md)
+  * [Remote user enrollment](admin-and-features/features-and-configuration/remote-user-enrollment/README.md)
+    * [User onboarding after enrollment](admin-and-features/features-and-configuration/remote-user-enrollment/user-onboarding-after-enrollment.md)
+  * [SSO (OpenID Connect)](admin-and-features/features-and-configuration/openid-connect/README.md)
+    * [Portainer](admin-and-features/features-and-configuration/openid-connect/portainer.md)
+    * [Grafana setup](admin-and-features/features-and-configuration/openid-connect/grafana-setup.md)
+    * [Proxmox](admin-and-features/features-and-configuration/openid-connect/proxmox.md)
+    * [Matrix / Synapse](admin-and-features/features-and-configuration/openid-connect/proxmox-1.md)
+    * [Django](admin-and-features/features-and-configuration/openid-connect/django.md)
+    * [MinIO](admin-and-features/features-and-configuration/openid-connect/minio.md)
+    * [Vault](admin-and-features/features-and-configuration/openid-connect/vault.md)
+  * [SMTP for email notifications](admin-and-features/features-and-configuration/setting-up-smtp-for-email-notifications.md)
+  * [LDAP synchronization](admin-and-features/features-and-configuration/ldap-synchronization-setup/README.md)
+    * [Configuration](admin-and-features/features-and-configuration/ldap-synchronization-setup/configuration.md)
+    * [Settings table](admin-and-features/features-and-configuration/ldap-synchronization-setup/settings-table.md)
+  * [YubiKey Provisioning](admin-and-features/features-and-configuration/yubikey-provisioning.md)
+  * [Webhooks](admin-and-features/features-and-configuration/webhooks.md)
+  * [Forward auth](admin-and-features/features-and-configuration/forward-auth.md)
+  * [SSH Authentication](admin-and-features/features-and-configuration/ssh-authentication.md)
 
 ## Enterprise Features <a href="#enterprise" id="enterprise"></a>
 

admin-and-features/features-and-configuration/README.md

@@ -0,0 +1,6 @@
+---
+icon: screwdriver-wrench
+---
+
+# Features & configuration
+

features/forward-auth.md …atures-and-configuration/forward-auth.mdfeatures/forward-auth.md renamed to admin-and-features/features-and-configuration/forward-auth.md features/forward-auth.md renamed to admin-and-features/features-and-configuration/forward-auth.md

@@ -7,7 +7,7 @@ In order for forward auth to work the services you are trying to protect must be
 
 For example if you are serving your defguard UI at `id.yourdomain.com`, then your services must use other subdomains of `yourdomain.com`, e.g. ``app1.yourdomain.com, `service.yourdomain.com` etc``.
 
-Additionally you have to update your [defguard config](setting-up-your-instance/configuration.md#auth-cookies-configuration) to set the cookies domain to `yourdomain.com`.
+Additionally you have to update your [defguard config](../../features/setting-up-your-instance/configuration.md#auth-cookies-configuration) to set the cookies domain to `yourdomain.com`.
 {% endhint %}
 
 ## Example configurations

…res/ldap-synchronization-setup/README.md …ion/ldap-synchronization-setup/README.mdfeatures/ldap-synchronization-setup/README.md renamed to admin-and-features/features-and-configuration/ldap-synchronization-setup/README.md features/ldap-synchronization-setup/README.md renamed to admin-and-features/features-and-configuration/ldap-synchronization-setup/README.md

@@ -8,7 +8,7 @@ description: How to configure connection between Defguard instance and LDAP.
 
 First, navigate to the settings page and select the LDAP tab.
 
-<figure><img src="../../.gitbook/assets/image (18).png" alt=""><figcaption><p>Defguard settings page</p></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/image (18).png" alt=""><figcaption><p>Defguard settings page</p></figcaption></figure>
 
 Now change fields according to your LDAP instance.
 

…p-synchronization-setup/configuration.md …p-synchronization-setup/configuration.mdfeatures/ldap-synchronization-setup/configuration.md renamed to admin-and-features/features-and-configuration/ldap-synchronization-setup/configuration.md features/ldap-synchronization-setup/configuration.md renamed to admin-and-features/features-and-configuration/ldap-synchronization-setup/configuration.md

@@ -1,4 +1,4 @@
-# OpenID Connect
+# SSO (OpenID Connect)
 
 ## OpenID Connect
 
@@ -12,15 +12,15 @@ As an identity provider one of our core features is Login with Defguard which al
 
 ### Defguard OpenID flow
 
-![OpenID flow](../../in-depth/puml/openid-flow.svg)
+![OpenID flow](../../../in-depth/puml/openid-flow.svg)
 
 ### How to enable login with Defguard using OpenID?
 
 #### Client creation
 
 To enable login with other app first you need to add it as new OpenID client. To do it navigate to OpenID Apps on the left side navigation then click Add new button.
 
-![OpenID add client form](../../.gitbook/assets/OpenIDForm.png)
+![OpenID add client form](../../../.gitbook/assets/OpenIDForm.png)
 
 Here are explained inputs
 
@@ -169,4 +169,4 @@ On the sidebar or by clicking links below you can find tutorials how to configur
 
 {% content-ref url="vault.md" %}
 [vault.md](vault.md)
-{% endcontent-ref %}
+{% endcontent-ref %}

…-synchronization-setup/settings-table.md …-synchronization-setup/settings-table.mdfeatures/ldap-synchronization-setup/settings-table.md renamed to admin-and-features/features-and-configuration/ldap-synchronization-setup/settings-table.md features/ldap-synchronization-setup/settings-table.md renamed to admin-and-features/features-and-configuration/ldap-synchronization-setup/settings-table.md

@@ -13,7 +13,7 @@ This guide assumes both **Defguard** and **Django** are running on **localhost**
 We will run Defguard instance on default port <mark style="color:blue;">8000</mark>.
 
 {% hint style="info" %}
-You can learn how to launch your Defguard instance in the following article: [setting-up-your-instance](../setting-up-your-instance/ "mention")
+You can learn how to launch your Defguard instance in the following article: [setting-up-your-instance](../../../features/setting-up-your-instance/ "mention")
 {% endhint %}
 
 #### Configuration
@@ -121,9 +121,9 @@ We need to register our Django application as an OpenID client in Defguard.
 
 To do that, navigate to OpenID panel and add new client as shown below.
 
-<figure><img src="../../.gitbook/assets/image (9) (1).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/image (9) (1).png" alt=""><figcaption></figcaption></figure>
 
-<figure><img src="../../.gitbook/assets/image (11) (1).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/image (11) (1).png" alt=""><figcaption></figcaption></figure>
 
 Redirect URL should point to **http://localhost:9000/oauth/redirect**
 
@@ -209,7 +209,7 @@ Either provide them as environment variables or modify the views file and pass t
 
 Both Client **ID** and **Secret** can be found on OpenID apps page in Defguard, **click** our Django app **row** on the list and you will be able to copy needed values from the opened modal.
 
-<figure><img src="../../.gitbook/assets/image (12) (1).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/image (12) (1).png" alt=""><figcaption></figcaption></figure>
 
 ### URLS
 
@@ -411,10 +411,10 @@ After accessing _http://localhost:9000/admin we should see our custom login page
 
 Button "_Login with Defguard_" should redirect us to our Defguard instance. Depending on if Defguard session is active or not we should be able to see app authorization page or login page.
 
-<figure><img src="../../.gitbook/assets/image (6) (1).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/image (6) (1).png" alt=""><figcaption></figcaption></figure>
 
-<figure><img src="../../.gitbook/assets/image (3) (1).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/image (3) (1).png" alt=""><figcaption></figcaption></figure>
 
-<figure><img src="../../.gitbook/assets/image (7) (1).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/image (7) (1).png" alt=""><figcaption></figcaption></figure>
 
 When we authorize Django App to our Defguard account we are redirected back to our Django admin and logged in with a user from Defguard.