Finalise Waldur workflow docs for MLP (#117)

Author: bcumming

docs/access/mfa.md

@@ -67,9 +67,6 @@ Steps:
 5. To complete the OTP registration process, please enter the 6 digit OTP from the authenticator app at the bottom of the the same QR code page. Optionally, you can input your device name where you imported the OTP seed by scanning the QR code
 6. On successful registration you will be logged into the CSCS web application that you accessed in step-1
 
-!!! todo
-    do we need the images from KB?
-
 ### Resetting the Authenticator
 
 In case users lose access to their mobile device/Authenticator OTP, users can reset their OTP by following the below self-service process.

docs/accounts/account-create.md

@@ -0,0 +1,45 @@
+[](){#ref-account-create}
+# Creating an account
+
+!!! warning
+    The process for creating an account documented here applies only to users who are invited using the new [project and resource management tool][ref-account-waldur] (Waldur).
+
+When the CSCS Account Manager, project PI or Deputy PI invites the users they will receive an invitation email if the invited user has an **existing** CSCS account then the user clicks on the URL from the email and log-in with a username, password, OTP, and accept the invitation **whereas** if the invited user is new then the user needs to follow the step-by-step instructions below to get an account
+
+The email contains a URL that redirects you to the registration page:
+
+![](../images/access/invitation.png)
+
+Clicking the "Create a new account" button will lead the user to the second step where he needs to provide his personal information as shown below:
+
+![](../images/access/registration-form.png)
+
+After submitting personal information, users have to wait for CSCS to review and approve the submission.
+
+Once accepted, you will recieve an email with a link to set your password.
+
+```title="Acceptance email"
+Dear John Doe,
+
+Your username is nchallap.
+
+Please click here to set your password.
+
+Yours sincerely,
+
+CSCS Support Team.
+```
+
+Following the link in this email will take you to a page where you set your password.
+
+![](../images/access/password.png)
+
+After your password has been set, you will be redirected to a page where you log in using your username and password
+
+![](../images/access/first-login.png)
+
+From here you will need to set up [multi-factor authentification][ref-mfa-configure-otp] (MFA).
+
+Once MFA has been configured, you will finally be redirected to the CSCS portal as shown:
+
+![](../images/access/waldur-user-dashboard.png)

docs/accounts/waldur.md

@@ -15,20 +15,17 @@ Navigate to the site project management portal [portal.cscs.ch](https://portal.c
 
 After login to the portal, choose the corresponding organization in which the project was created.
 
-!!! todo
-    screenshot
+![waldur-org](../images/access/waldur-organisation.png)
 
-In this example, The project was hosted by the CSCS organization, and say the project name is `csstaff_n`, From the organization dashboard navigate to Projects and click on `csstaff_n` Project
+In this example, the project was hosted by the CSCS organization and the project name is `csstaff_n`. From the organization dashboard navigate to Projects and click on the `csstaff_n` project
 
-!!! todo
-    screenshot
+![waldur-proj](../images/access/waldur-project.png)
 
 ## Invite users
 
 From the project dashboard, navigate to Team -> Invitations
 
-!!! todo
-    screenshot
+![waldur-proj](../images/access/waldur-invitations.png)
 
 !!! info
     Using both the web interface and bulk invitation, the following roles can be assigned in the tool:
@@ -39,14 +36,18 @@ From the project dashboard, navigate to Team -> Invitations
 
 === "invite individual users"
 
-    To invite a user, click on the "Invite Users" button on the right hand side of the tab.
+    To invite an individual user, click on the green "Invite Users" button on the right hand side of the tab.
 
-    !!! todo
-        screenshot
+    You will then be prompted to enter the invitee's email address and assign them a role (PI, deputy PI or member)
 
-    !!! todo
-        screenshot
+    ![waldur-proj](../images/access/waldur-email.png)
 
+    !!! note "Role definitions"
+        The Waldur tool uses the following labels for the roles:
+
+        * **Project administrator**: PI
+        * **Project manager**: deputy PI
+        * **Project member**: member
 
 === "bulk invite"
 
@@ -61,7 +62,7 @@ From the project dashboard, navigate to Team -> Invitations
     ```
 
 !!! note
-    An email will be sent to the invited user:
+    An email will be sent to invited users:
 
     * users who already have CSCS accounts should click on the link in the email they received, and authenticate against CSCS KeyCloak with username, password, and OTP to accept the invitation.
-    * new users should follow the procedure to create a CSCS account.
+    * new users should follow the procedure to [create a CSCS account][ref-account-create].