Add documentation for self-hosted pocketid integration (#432)

Author: jfrconley

public/docs-static/img/integrations/identity-providers/self-hosted/pocketid-create-api-token.png

@@ -601,6 +601,99 @@ NETBIRD_AUTH_PKCE_DISABLE_PROMPT_LOGIN=true
 #### Step 6: Continue with the NetBird Self-hosting Guide
 You've configured all required resources in Authentik. You can now continue with the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide#step-4-disable-single-account-mode-optional).
 
+### PocketID
+
+This guide is a part of the [NetBird Self-hosting Guide](/docs/selfhosted/selfhosted-guide) and explains how to integrate
+**self-hosted** NetBird with [PocketID](https://pocket-id.org/).
+
+<Note>
+    PocketID is a simplified identity management solution designed for self hosted environments.
+    It is secure and effective, but makes some tradeoffs in terms of features and usability.
+    Notably, it does not allow scoping the access of API Tokens.
+    This isn't an issue per se, but it does mean that you should keep careful track of the token used by NetBird for management.
+</Note>
+
+#### Step 1. Create and configure PocketID application
+In this step, we will create and configure NetBird application in pocketid.
+
+Create new PocketID OIDC Client
+- Navigate to pocketid console
+- Click the `Administration` dropdown in the left hand bar, then select `OIDC Clients`
+- Fill in the form with the following values and click `Continue`
+- Name: `NetBird`
+- Client Launch URL: `https://<domain>`
+- Callback URL's:
+- `http://localhost:53000`
+- `https://<domain>/auth`
+- `https://<domain>/silent-auth`
+- Logout Callback URL: `https://<domain>/`
+- Public Client: On
+- PKCE: On
+- Click `Save`
+
+<p>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/pocketid-create-oidc-client.png" alt="high-level-dia" className="imagewrapper-big"/>
+</p>
+
+- Copy `Client ID` will be used later in the `setup.env`
+
+#### Step 2: Application Token Configuration
+
+To configure the application token you need to:
+
+- Click `Administration` dropdown in the left hand bar, then select `API Keys`
+- Click `Add API Key`
+- Enter the following values and click `Save`
+- Name: 'NetBird Management Token'
+- Expires At: Pick a date in the future
+- Description: 'NetBird Management Token'
+- Click `Save`
+
+<p>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/pocketid-create-api-token.png" alt="high-level-dia" className="imagewrapper-big"/>
+</p>
+
+- Copy `API Key` will be used later in the `setup.env`
+
+
+Your authority OIDC configuration will be available under:
+
+```bash
+https://<YOUR_POCKETID_HOST_AND_PORT>/.well-known/openid-configuration
+```
+
+:::caution
+Double-check if the endpoint returns a JSON response by calling it from your browser.
+:::
+
+- Set properties in the `setup.env` file:
+```json
+NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://<YOUR_POCKETID_HOST_AND_PORT>/.well-known/openid-configuration"
+NETBIRD_USE_AUTH0=false
+NETBIRD_AUTH_CLIENT_ID="<CLIENT_ID>"
+NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email groups"
+NETBIRD_AUTH_AUDIENCE="<CLIENT_ID>"
+NETBIRD_AUTH_REDIRECT_URI="/auth"
+NETBIRD_AUTH_SILENT_REDIRECT_URI="/silent-auth"
+NETBIRD_TOKEN_SOURCE="idToken"
+
+NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
+NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="<CLIENT_ID>"
+NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE="<CLIENT_ID>"
+NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid profile email groups"
+NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=true
+
+NETBIRD_MGMT_IDP="pocketid"
+NETBIRD_IDP_MGMT_CLIENT_ID="netbird"
+NETBIRD_IDP_MGMT_EXTRA_MANAGEMENT_ENDPOINT="https://<YOUR_POCKETID_HOST_AND_PORT>"
+NETBIRD_IDP_MGMT_EXTRA_API_TOKEN="<API_TOKEN>"
+
+```
+
+#### Step 3: Continue with the NetBird Self-hosting Guide
+You've configured all required resources in PocketID. You can now continue with the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide#step-4-disable-single-account-mode-optional).
+
+
 ## Managed IDPs
 
 ### Azure AD (Microsoft Entra ID)