Merge branch 'internal/nginxaas-next' into internal/nginxaas-get-help

Author: JTorreG

content/nginxaas-google/getting-started/manage-users-accounts.md

@@ -14,21 +14,20 @@ This document explains how to manage users and accounts in F5 NGINXaaS for Googl
 
 Before you start, ensure you understand the following concepts:
 
-- **NGINXaaS Account**: Represents a Google Cloud procurement with an active Marketplace NGINXaaS subscription, linked to a billing account. To create an account, see the signup documentation in [prerequisites]({{< ref "/nginxaas-google/getting-started/prerequisites.md" >}}).
-- **User**: A user is anyone who has access to an NGINXaaS Account through their Google Identity. The same Google Identity can be added to multiple NGINXaaS Accounts, but it is treated as a different user in each account.
-- **Authorized Domains**: The list of Google Identity domains (for example, "example.com") allowed to access an NGINXaaS Account using Google authentication.
-   - By default, an NGINXaaS Account has an empty authorized domains field, which means that anyone can log in to the account, if added as a user.
-   - Configuring this field allows you to control which organizations (based on their email domains) are allowed to log in to the NGINXaaS Account. This restricts access to only users from trusted companies or groups, and prevents unauthorized domains from accessing resources in the account.
-   - When updating authorized domains, you cannot make an update if it would prevent any existing user from logging in. This ensures that no current users are accidentally locked out of the account.
+- **NGINXaaS Account**: An NGINXaaS Account is created when you subscribe to *F5 NGINXaaS for Google Cloud* via the Google Cloud Marketplace, as described in [prerequisites]({{< ref "/nginxaas-google/getting-started/prerequisites.md" >}}). You may create multiple NGINXaaS Accounts by signing up with different billing accounts.
+- **User**: NGINXaaS Users are granted access to all resources in the NGINXaaS Account. User authentication is performed securely via Google Cloud, requiring a matching identity. Individuals can be added as users to multiple NGINXaaS Accounts, and can switch between them using the steps documented below.
+- **Authorized Domains**: The list of domains allowed to authenticate into the NGINXaaS Account using Google authentication.
+   - This can be used to restrict access to Google identities within your Google Cloud Organization or Google Workspace, or other known, trusted Workspaces. For example, your Google Cloud Organization may have users created under the `example.com` domain. By setting the Authorized Domains in your NGINXaaS Account to only allow `example.com`, users attempting to log in with the same email associated with `alternative.net` Google Workspace would not be authenticated.
+   - By default, an NGINXaaS Account has an empty authorized domains list, which accepts matching users from any Google Workspace.
 
 ## Add or edit a user
 
-An existing NGINXaaS Account user can additional users following these steps:
+An existing NGINXaaS Account user can add additional users following these steps:
 
 1. Access the [NGINXaaS Console](https://console.nginxaas.net/).
 1. Log in to the console with your Google credentials.
 1. Navigate to **Users** page on the left menu, then select **Add User**.
-1. Enter the **Name** and **Email** for the user to be added.
+1. Enter the **Name** and **Email** for the user to be added. The email must match the individual's Google User to be able to authenticate successfully.
 1. Select **Create User** to save the changes.
 
 The new user will appear in the list of users on the **Users** page. Their **Google Identity Domain** will remain empty until they log in for the first time.
@@ -37,8 +36,7 @@ The new user will appear in the list of users on the **Users** page. Their **Goo
 
 1. Select **Users** under the **Settings** section on the left menu.
 1. Select the ellipsis (three dots) menu for the user you want to update.
-1. Select **Edit**.
-1. Update the user details; currently only the username can be changed.
+1. Select **Edit** and update the user details.
 1. Select **Update** to confirm the changes.
 
 ## Modify account settings
@@ -54,6 +52,8 @@ As an authenticated user, you may modify the authorized domains and name of an N
 1. To remove an existing authorized domain, select the Recycle Bin button next to it.
 1. Select **Update** to save changes.
 
+{{< call-out "note" >}}You cannot remove an authorized domain from the list if it matches an existing user's Google Identity Domain. To remove access from that domain you must first delete every NGINXaaS user that is associated with the domain.{{< /call-out >}}
+
 ### Modify the name of an accoun
 
 1. Select **Account Details** under the **Settings** section on the left menu.

content/nginxaas-google/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md

@@ -19,14 +19,42 @@ If you haven't already done so, complete the following prerequisites:
 - Access the portal visiting [https://console.nginxaas.net/](https://console.nginxaas.net/).
     - Log in to the NGINXaaS console with your Google credentials.
 
-### Add an SSL/TLS certificate
-
-
-### Edit an SSL/TLS certificate
-
-
-### Delete an SSL/TLS certificate
-
+## Add an SSL/TLS certificate to NGINXaaS
+- Select **Certificates** in the left menu.
+- Select {{< icon "plus">}} **Add Certificate**.
+- In the **Add Certificate** panel, provide the required information:
+
+    {{< table >}}
+   | Field                       | Description                  |
+   |---------------------------- | ---------------------------- |
+   | Name                        | A unique name for the certificate. |
+   | Type                        | Select the type of certificate you are adding. SSL certificate and key, or CA certificate bundle. |
+   | Certificate Import Options  | Choose how you want to import the certificate. Enter the certificate text or upload a file. |
+     {{< /table >}}
+
+- Repeat the same steps to add as many certificates as needed.
+
+### Use a certificate in an NGINX configuration
+
+To use a certificate in an NGINX configuration, follow these steps:
+
+- Select **Configurations** in the left menu.
+- Select the ellipsis (three dots) next to the configuration you want to edit, and select **Edit**.
+- Select **Continue** to open the configuration editor.
+- In your configuration, select {{< icon "plus">}} **Add File** and either choose to use an existing certificate or add a new one.
+    - If you want to add a new certificate, select **New SSL Certificate or CA Bundle** and follo the steps mentioned in [Add an SSL/TLS certificate to NGINXaaS](#add-an-ssltls-certificate-to-nginxaas).
+    - If you want to use an existing certificate, select **Existing SSL Certificate or CA Bundle** and use the menu to choose a certificate from the list of certificates you have already added.
+- Provide the required path information:
+
+    {{< table >}}
+   | Field                       | Description                  | Note |
+   |---------------------------- | ---------------------------- | ---- |
+   | Certificate File Path       | This path can match one or more ssl_certificate directive file arguments in your NGINX configuration. | The certificate path must be unique within the same deployment. |
+   | Key File Path               | This path can match one or more ssl_certificate_key directive file arguments in your NGINX configuration. | The key path must be unique within the same deployment. |
+     {{< /table >}}
+
+- Update the NGINX configuration to reference the certificate you just added by the path value.
+- Select **Continue** and then **Save** to save your changes.
 
 ## What's next
 

content/nginxaas-google/glossary.md

@@ -12,11 +12,14 @@ This document provides definitions for terms and acronyms commonly used in F5 NG
 
 {{<table>}}
 
-| Parameter                | Description                                                                          |
+| Term                | Description                                                                          |
 | ------------------------ | -------------------------------------------------------------------------------------|
 | GCP                      | Geographic Control Plane. The control plane that manages the NGINXaaS instances deployed in Google Cloud. |
 | Network attachment       | A Google Cloud resource that enables a VM instance to connect to a VPC network. [More information](https://cloud.google.com/vpc/docs/about-network-attachments).   |
 | VPC network              | A Virtual Private Cloud (VPC) network is a virtual version of a physical network, implemented within Google Cloud. It provides networking functionality for your Google Cloud resources. [More information](https://cloud.google.com/vpc/docs/vpc). |
+| NGINXaas Account        | Represents a Google Cloud procurement with an active Marketplace NGINXaaS subscription, linked to a billing account. To create an account, see the signup documentation in [prerequisites]({{< ref "/nginxaas-google/getting-started/prerequisites.md" >}}). |
+| NGINXaaS User | NGINXaaS Users are granted access to all resources in the NGINXaaS Account. User authentication is performed securely via Google Cloud, requiring a matching identity. Individuals can be added as users to multiple NGINXaaS Accounts, and can switch between them using the steps documented below. |
+| Authorized Domains |  The list of domains allowed to authenticate into the NGINXaaS Account using Google authentication. <br>- This can be used to restrict access to Google identities within your Google Cloud Organization or Google Workspace, or other known, trusted Workspaces. For example, your Google Cloud Organization may have users created under the `example.com` domain. By setting the Authorized Domains in your NGINXaaS Account to only allow `example.com`, users attempting to log in with the same email associated with `alternative.net` Google Workspace would not be authenticated. |
 
 
 {{</table>}}