docs: update SSO pricing

tianzhou · tianzhou · commit 10845b21d761 · 2024-11-20T18:46:24.000+08:00
diff --git a/content/docs/administration/sso/ldap.md b/content/docs/administration/sso/ldap.md
@@ -1,5 +1,6 @@
 ---
 title: Lightweight Directory Access Protocol (LDAP)
+feature_name: SSO_ADVANCED
 ---
 
 Lightweight Directory Access Protocol (LDAP) is a vendor-neutral software protocol used to lookup information or devices within a network. Bytebase supports using LDAP for configuring Single Sign-On (SSO).
@@ -8,25 +9,25 @@ Lightweight Directory Access Protocol (LDAP) is a vendor-neutral software protoc
 
 Basic information:
 
-* **Name**: the display name shown to your users (e.g. `JumpCloud`)
-* **Identity Provider ID**: a human-readable unique string, only lower-case alphabets and hyphens are allowed (e.g. `jumpcloud`)
-* **Domain**: the domain name to scope associated users (e.g. `jumpcloud.com`, optional)
+- **Name**: the display name shown to your users (e.g. `JumpCloud`)
+- **Identity Provider ID**: a human-readable unique string, only lower-case alphabets and hyphens are allowed (e.g. `jumpcloud`)
+- **Domain**: the domain name to scope associated users (e.g. `jumpcloud.com`, optional)
 
 Identity provider information:
 
-* **Host**: the host of LDAP server (e.g. `ldap.jumpcloud.com`)
-* **Port**: the port number of the LDAP server, usually 389 for StartTLS and 636 for LDAPS
-* **Bind DN**: the Distinguished Name (DN) of the user to bind as a service account to perform search requests (e.g. `uid=system,ou=Users,dc=jumpcloud,dc=com`)
-* **Bind Password**: the password of the user to bind as a service account
-* **Base DN**: the base Distinguished Name (DN) to search for users (e.g. `ou=users,dc=jumpcloud,dc=com`)
-* **User Filter**: the filter to search for users (e.g. `(uid=%s)`, where `%s` will be subsituted by the username)
-* **Security protocol**: the security protocol to be used for establishing connections with the LDAP server
+- **Host**: the host of LDAP server (e.g. `ldap.jumpcloud.com`)
+- **Port**: the port number of the LDAP server, usually 389 for StartTLS and 636 for LDAPS
+- **Bind DN**: the Distinguished Name (DN) of the user to bind as a service account to perform search requests (e.g. `uid=system,ou=Users,dc=jumpcloud,dc=com`)
+- **Bind Password**: the password of the user to bind as a service account
+- **Base DN**: the base Distinguished Name (DN) to search for users (e.g. `ou=users,dc=jumpcloud,dc=com`)
+- **User Filter**: the filter to search for users (e.g. `(uid=%s)`, where `%s` will be subsituted by the username)
+- **Security protocol**: the security protocol to be used for establishing connections with the LDAP server
 
 User information field mapping:
 
-* **Email**: the attribute to be used as the Bytebase user email address (e.g. `mail`)
-* **Display name**: the attribute to be used as the Bytebase user display name (e.g. `displayName`, optional)
-* **Phone**: the attribute to be used as the Bytebase user phone number (e.g. `phone`, optional)
+- **Email**: the attribute to be used as the Bytebase user email address (e.g. `mail`)
+- **Display name**: the attribute to be used as the Bytebase user display name (e.g. `displayName`, optional)
+- **Phone**: the attribute to be used as the Bytebase user phone number (e.g. `phone`, optional)
 
 ### JumpCloud
 
@@ -73,4 +74,3 @@ The attribute `uid` is the username (e.g. `system`) not the email (e.g. `system@
    - **Security protocol** `StartTLS`
    - **Email**: `mail`
    - **Display name**: `cn`
-
diff --git a/content/docs/administration/sso/oauth2.md b/content/docs/administration/sso/oauth2.md
@@ -60,8 +60,23 @@ If you start Bytebase with `--external-url http://bytebase.example.com`, then th
 
 Bytebase provides templates for configuring built-in OAuth providers.
 
+### Google
+
+<PricingPlanBlock feature_name='SSO_BASIC' />
+
+1. Follow the [Using OAuth 2.0 to Access Google APIs](https://developers.google.com/identity/protocols/oauth2) to create OAuth 2.0 client credentials in [Google API Console](https://console.developers.google.com/).
+
+   ![google-oauth-app-config](/content/docs/administration/sso/google-oauth-app-config.webp)
+
+2. Open creating SSO dialog and select the **Google** template.
+3. Update the **Client ID** and **Client secret** fields with the OAuth 2.0 client credential you just created.
+4. After filling in all the required fields, try to click **Test connection**.
+5. If everything is OK, click the **Create** button.
+
 ### GitHub
 
+<PricingPlanBlock feature_name='SSO_BASIC' />
+
 1. Follow [Creating an OAuth App in GitHub](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app) to create an OAuth app in GitHub.
 
    ![github-oauth-app-config](/content/docs/administration/sso/github-oauth-app-config.webp)
@@ -73,6 +88,8 @@ Bytebase provides templates for configuring built-in OAuth providers.
 
 ### GitLab
 
+<PricingPlanBlock feature_name='SSO_ADVANCED' />
+
 1. Follow [Configure GitLab as an OAuth 2.0 authentication identity provider](https://docs.gitlab.com/ee/integration/oauth_provider.html) to create an OAuth 2 application in GitLab.
 
    ![gitlab-oauth-app-config](/content/docs/administration/sso/gitlab-oauth-app-config.webp)
@@ -82,19 +99,10 @@ Bytebase provides templates for configuring built-in OAuth providers.
 4. After filling in all the required fields, try to click **Test connection**.
 5. If everything is OK, click the **Create** button.
 
-### Google
-
-1. Follow the [Using OAuth 2.0 to Access Google APIs](https://developers.google.com/identity/protocols/oauth2) to create OAuth 2.0 client credentials in [Google API Console](https://console.developers.google.com/).
-
-   ![google-oauth-app-config](/content/docs/administration/sso/google-oauth-app-config.webp)
-
-2. Open creating SSO dialog and select the **Google** template.
-3. Update the **Client ID** and **Client secret** fields with the OAuth 2.0 client credential you just created.
-4. After filling in all the required fields, try to click **Test connection**.
-5. If everything is OK, click the **Create** button.
-
 ### Microsoft Entra (Azure AD)
 
+<PricingPlanBlock feature_name='SSO_ADVANCED' />
+
 1. Follow the [Register an application with the Microsoft identity platform](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) to create an Application in [Microsoft Entra admin center](https://entra.microsoft.com/).
 
    ![entra-endpoints](/content/docs/administration/sso/entra-endpoints.webp)
diff --git a/content/docs/administration/sso/oidc.md b/content/docs/administration/sso/oidc.md
@@ -1,5 +1,6 @@
 ---
 title: OpenID Connect (OIDC)
+feature_name: SSO_ADVANCED
 ---
 
 OpenID Connect (OIDC) is a simple identity layer on top of the OAuth 2.0 protocol. Bytebase supports using OIDC for configuring Single Sign-On (SSO).
diff --git a/content/docs/administration/sso/overview.md b/content/docs/administration/sso/overview.md
@@ -1,6 +1,5 @@
 ---
 title: Single Sign-On (SSO)
-feature_name: SSO
 ---
 
 Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.
diff --git a/src/components/pages/pricing/hero/hero.tsx b/src/components/pages/pricing/hero/hero.tsx
@@ -50,7 +50,7 @@ const cards: TCard[] = [
       'Up to 20 users',
       '10 database instances',
       'Manual review, scheduled rollout',
-      'Batch change',
+      'Google, GitHub SSO',
     ],
   },
   {
@@ -66,7 +66,7 @@ const cards: TCard[] = [
       'SLA support',
       'Unlimited users',
       'Unlimited database instances',
-      'SSO, SCIM, 2FA, Audit log',
+      'OIDC, LDAP SSO, SCIM, 2FA, Audit log',
       'Custom approval, dynamic data masking',
     ],
   },
diff --git a/src/components/pages/pricing/table/data/pricing-plans.ts b/src/components/pages/pricing/table/data/pricing-plans.ts
@@ -48,12 +48,13 @@ const PLANS: { free: Plan; pro: Plan; enterprise: Plan } = {
       shared: false,
     },
     security: {
+      sso: false,
       rbac: true,
       'slow-query': true,
       archiving: true,
       'secret-variable': false,
+      'signup-restriction': false,
       'secret-manager': false,
-      sso: false,
       scim: false,
       twofa: false,
       ssh: false,
@@ -63,7 +64,6 @@ const PLANS: { free: Plan; pro: Plan; enterprise: Plan } = {
       'access-control': false,
       watermark: false,
       'audit-log': false,
-      'signup-restriction': false,
       'signin-frequency': false,
       anomaly: { value: 'Basic', tooltip: 'Connection failure' },
     },
@@ -126,12 +126,13 @@ const PLANS: { free: Plan; pro: Plan; enterprise: Plan } = {
       shared: true,
     },
     security: {
+      sso: 'Google, GitHub',
       rbac: true,
       'slow-query': true,
       archiving: true,
       'secret-variable': true,
+      'signup-restriction': true,
       'secret-manager': false,
-      sso: false,
       scim: false,
       twofa: false,
       ssh: false,
@@ -141,7 +142,6 @@ const PLANS: { free: Plan; pro: Plan; enterprise: Plan } = {
       'access-control': false,
       watermark: false,
       'audit-log': false,
-      'signup-restriction': false,
       'signin-frequency': false,
       anomaly: { value: 'Basic', tooltip: 'Connection failure' },
     },
@@ -204,12 +204,13 @@ const PLANS: { free: Plan; pro: Plan; enterprise: Plan } = {
       shared: true,
     },
     security: {
+      sso: 'OAuth, LDAP, OIDC',
       rbac: true,
       'slow-query': true,
       archiving: true,
       'secret-variable': true,
+      'signup-restriction': true,
       'secret-manager': true,
-      sso: true,
       scim: true,
       twofa: true,
       ssh: true,
@@ -219,7 +220,6 @@ const PLANS: { free: Plan; pro: Plan; enterprise: Plan } = {
       'access-control': true,
       watermark: true,
       'audit-log': true,
-      'signup-restriction': true,
       'signin-frequency': true,
       anomaly: { value: 'Advanced', tooltip: 'Basic + Schema drift detection' },
     },
@@ -283,22 +283,22 @@ const LABELS = [
   {
     title: 'Data Security & Compliance',
     items: {
+      sso: 'Single sign-on (SSO)',
       rbac: 'RBAC',
       'slow-query': 'Slow Query',
       archiving: 'Archiving',
       'secret-variable': 'Secret variable',
+      'signup-restriction': 'Self-signup restriction',
       'secret-manager': 'External secret manager',
-      sso: 'Single sign-on (SSO)',
       scim: 'SCIM',
       twofa: 'Two-factor authentication (2FA)',
       ssh: 'SSH tunnel',
       'query-and-export-workflow': 'Query and export approval workflow',
       environment: 'Environment tier',
-      masking: 'Sensitive data masking',
+      masking: 'Dynamic data masking',
       'access-control': 'Data access control',
       watermark: 'Watermark',
       'audit-log': 'Audit log',
-      'signup-restriction': 'Sign-up restriction',
       'signin-frequency': 'Sign-in frequency',
       anomaly: 'Anomaly detection',
     },
diff --git a/src/lib/features.ts b/src/lib/features.ts
@@ -52,7 +52,7 @@ export const FEATURES = {
   DATABASE_PERMISSION: 'Data Access Control',
   WATERMARK: 'Watermark',
   AUDIT_LOG: 'Audit Log',
-  SIGNUP_RESTRICTION: 'Sign-up Restriction',
+  SIGNUP_RESTRICTION: 'Self-signup restriction',
   SIGNIN_FREQUENCY: 'Sign-in Frequency',
   ANOMALY_CENTER: 'Anomaly Center',
 
diff --git a/src/lib/pricing-plan.ts b/src/lib/pricing-plan.ts
@@ -50,7 +50,8 @@ const PRICING_PLANS = new Map([
   ['BACKUP_POLICY', 'PRO'],
   ['SECRET_VARIABLE', 'PRO'],
   ['EXTERNAL_SECRET_MANAGER', 'ENTERPRISE'],
-  ['SSO', 'ENTERPRISE'],
+  ['SSO_BASIC', 'ENTERPRISE'],
+  ['SSO_ADVANCED', 'ENTERPRISE'],
   ['SCIM', 'ENTERPRISE'],
   ['2FA', 'ENTERPRISE'],
   ['SSH_TUNNEL', 'ENTERPRISE'],
