Merge branch 'main' of https://github.com/kinde-oss/documentation into feat/workflow-docs

DaveOrDead · DaveOrDead · commit 1babb9799f04 · 2025-04-24T13:51:44.000+10:00
diff --git a/src/content/docs/authenticate/enterprise-connections/advanced-saml-configurations.mdx b/src/content/docs/authenticate/enterprise-connections/advanced-saml-configurations.mdx
@@ -62,6 +62,8 @@ Only configure key attributes if supported by your IdP.
 
 You can pass provider-specific parameters to an Identity Provider (IdP) during authentication. These are also known as 'upstream params'. The values your pass can either be static per connection or dynamic per user.
 
-You can use upstream paramsto create a smoother sign in experience - by passing the email through, or to offer an account switcher (such as the Google account switcher) during sign in.
+You can use upstream params to create a smoother sign in experience - by passing the email through, or to offer an account switcher (such as the Google account switcher) during sign in.
 
 Note that every identity provider has their own set of supported parameters and values, so you'll need to check their documentation to determine which URL parameters are supported.
+
+For more information, see [Pass parameters to identity providers](/authenticate/auth-guides/pass-params-idp/).
diff --git a/src/content/docs/authenticate/enterprise-connections/cloudflare-saml.mdx b/src/content/docs/authenticate/enterprise-connections/cloudflare-saml.mdx
@@ -62,8 +62,8 @@ You can make a connection available only to a specific organization, or you can
 
     ![ACS URL and custom domain option](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/885eda9c-ca4f-4340-db17-224023b8c300/public)
 
-11. Copy the reply relevant URL: 
-    1. If you don't use a custom domain, copy the **Assertion customer service (ACS) URL**.
+11. Copy the relevant reply URL: 
+    1. If you don't use a custom domain, copy the **ACS URL**.
     2. If you do use a custom domain, select the **Use custom domain instead** option and copy the custom domain URL. 
     Later, add this URL to your identity provider configuration.
 12. If you want to enable just-in-time (JIT) provisioning for users, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
diff --git a/src/content/docs/authenticate/enterprise-connections/custom-saml-google-workspace.mdx b/src/content/docs/authenticate/enterprise-connections/custom-saml-google-workspace.mdx
@@ -60,8 +60,8 @@ You can make a connection available only to a specific organization, or you can
 
     ![ACS URL and custom domain option](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/885eda9c-ca4f-4340-db17-224023b8c300/public)
 
-11. Copy the reply relevant URL: 
-    1. If you don't use a custom domain, copy the **Assertion customer service (ACS) URL**.
+11. Copy the relevant reply URL: 
+    1. If you don't use a custom domain, copy the **ACS URL**.
     2. If you do use a custom domain, select the **Use custom domain instead** option and copy the custom domain URL. 
     Later, add this URL to your identity provider configuration.
 12. If you want to enable just-in-time (JIT) provisioning for users, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
diff --git a/src/content/docs/authenticate/enterprise-connections/custom-saml.mdx b/src/content/docs/authenticate/enterprise-connections/custom-saml.mdx
@@ -82,8 +82,8 @@ Depending on your SAML set up, you may need to include advanced configurations f
 
     ![ACS URL and custom domain option](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/885eda9c-ca4f-4340-db17-224023b8c300/public)
 
-12. Copy the reply relevant URL: 
-    1. If you don't use a custom domain, copy the **Assertion customer service (ACS) URL**.
+12. Copy the relevant reply URL: 
+    1. If you don't use a custom domain, copy the **ACS URL**.
     2. If you do use a custom domain, select the **Use custom domain instead** option and copy the custom domain URL. 
     Later, add this URL to your identity provider configuration.
 13. If you want to enable just-in-time (JIT) provisioning for users, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
diff --git a/src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx b/src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx
@@ -77,8 +77,8 @@ You can make a connection available only to a specific organization, or you can
    ![SAML configuration screen](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/dbdccca5-2e6c-4dd8-eaec-e029574daf00/public)
 
 10. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. 
-11. Copy the reply relevant URL: 
-    1. If you don't use a custom domain, copy the **Assertion customer service (ACS) URL**.
+11. Copy the relevant reply URL: 
+    1. If you don't use a custom domain, copy the **ACS URL**.
     2. If you do use a custom domain, select the **Use custom domain instead** option and copy the custom domain URL. 
     Later, add this URL to your identity provider configuration.
 
diff --git a/src/content/docs/authenticate/enterprise-connections/okta-saml-connection.mdx b/src/content/docs/authenticate/enterprise-connections/okta-saml-connection.mdx
@@ -43,7 +43,7 @@ Depending on your SAML set up, you may need to include advanced configurations f
 
    ![Okta connection config window](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/a06249d4-d368-43f7-bba1-9df10d80aa00/public)
 
-3. Enter the **IdP metadata URL**. This URL comes from your identity provider.
+3. Enter the **IdP metadata URL**. This URL comes from your identity provider. If you haven't set up your app yet, you can add this later. 
 
    ![optional fields for saml](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/4f1851db-5c34-496b-ced1-07c1cd272b00/public)
 
@@ -60,8 +60,8 @@ Depending on your SAML set up, you may need to include advanced configurations f
 
     ![ACS URL and custom domain option](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/885eda9c-ca4f-4340-db17-224023b8c300/public)
 
-11. Copy the reply relevant URL: 
-    1. If you don't use a custom domain, copy the **Assertion customer service (ACS) URL**.
+11. Copy the relevant reply URL: 
+    1. If you don't use a custom domain, copy the **ACS URL**.
     2. If you do use a custom domain, select the **Use custom domain instead** option and copy the custom domain URL. 
     Later, add this URL to your identity provider configuration.
 12. If you want to enable just-in-time (JIT) provisioning for users, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
@@ -95,7 +95,7 @@ Depending on your SAML set up, you may need to include advanced configurations f
    3. **Name ID format:** Select **EmailAddress**.
    4. **Application username**: Select **Email**.
    5. Leave all other options to their default value and select **Next**.
-7. In the next screen, select **I'm a software vendor. I'd like to integrate my app with Okta**, then select **Finish**. You will be redirected to the newly created application in Okta.
+7. Select **Finish**. You will be redirected to the newly created application in Okta.
 8. Select the **Sign on** tab and copy the metadata URL.
 
    ![Metadata URL in Okta](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/9bdcb215-054e-45c1-11a7-2df2f4be7800/public)
@@ -109,3 +109,13 @@ Depending on your SAML set up, you may need to include advanced configurations f
    1. For environment-level connections, scroll down and select the apps that will use the auth method.
    2. For organization-level connections, scroll down and select if you want to switch this on for the org. 
 5. Select **Save**. You can now use Okta as an IdP for the selected applications.
+
+## Troubleshooting the connection
+
+If you get an error in Okta that says **User is not assigned to this application**, it means you need to assign a user or group to your Okta application.
+
+1. Go to the **Applications** section in your Okta Admin Console.
+2. Select the SAML 2.0 app you set up.
+3. Under the **Assignments** tab, click **Assign > Assign to People or Assign to Groups**.
+4. Choose the user or group you want to assign to this application and save your changes.
+
diff --git a/src/content/docs/workflows/example-workflows/new-password-provided-workflow.mdx b/src/content/docs/workflows/example-workflows/new-password-provided-workflow.mdx
@@ -96,7 +96,6 @@ if (!isMinCharacters) {
     "Provide a password at least 50 characters long"
   );
 }
-
 ```
 
 The field names for the widget binding in this workflow are:
@@ -112,4 +111,3 @@ See examples on GitHub:
 
 - [Sync passwords to another system](https://github.com/kinde-starter-kits/workflow-examples/blob/main/newPassword/securelySyncPasswordWorkflow.ts) - Use encryption keys to securely keep passwords in sync between systems.
 - [Custom password validation](https://github.com/kinde-starter-kits/workflow-examples/blob/main/newPassword/customPasswordValidationWorkflow.ts) - Shows how to validate a password against your own rules.
-
