Skip to content

docs: add domain verification for org sso#23045

Open
awxxxxxx wants to merge 2 commits into
pingcap:release-8.5from
awxxxxxx:tidb-cloud-org-sso-authentication
Open

docs: add domain verification for org sso#23045
awxxxxxx wants to merge 2 commits into
pingcap:release-8.5from
awxxxxxx:tidb-cloud-org-sso-authentication

Conversation

@awxxxxxx

@awxxxxxx awxxxxxx commented Jun 11, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add domain verification steps for OIDC and SAML in Organization SSO Authentication.
  • Clarify that OIDC/SAML Allowed Email Domains are required and must use verified domains.
  • Update auto-provision guidance to avoid implying allowed domains are only recommended for OIDC/SAML.

Tests

  • ./scripts/markdownlint tidb-cloud/tidb-cloud-org-sso-authentication.md
  • npx remark tidb-cloud/tidb-cloud-org-sso-authentication.md

@ti-chi-bot ti-chi-bot Bot added contribution This PR is from a community contributor. missing-translation-status This PR does not have translation status info. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 11, 2026
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 11, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the TiDB Cloud Organization SSO authentication documentation by adding a new section on adding and verifying domains for OIDC and SAML, and clarifying that configuring allowed email domains is required for these methods. The review feedback focuses on improving clarity, conciseness, and style-guide compliance. Key suggestions include rephrasing passive voice to active voice, simplifying wordy phrasing (such as changing 'according to your need' to 'as needed'), and correcting unidiomatic prepositions (such as changing 'locked out by' to 'locked out of').

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread tidb-cloud/tidb-cloud-org-sso-authentication.md
Comment thread tidb-cloud/tidb-cloud-org-sso-authentication.md

### Add and verify domains for OIDC and SAML

Before configuring OIDC or SAML, add and verify the email domains that your organization members use to sign in. Only domains with the **Verified** status can be used in **Allowed Email Domains** for OIDC and SAML.

@gemini-code-assist gemini-code-assist Bot Jun 11, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

low

The sentence "Only domains with the Verified status can be used..." uses passive voice. Rephrasing it to active voice using the second person ("you") makes it more direct and easier to read.

Suggested change
Before configuring OIDC or SAML, add and verify the email domains that your organization members use to sign in. Only domains with the **Verified** status can be used in **Allowed Email Domains** for OIDC and SAML.
Before configuring OIDC or SAML, add and verify the email domains that your organization members use to sign in. You can only use domains with the **Verified** status in the **Allowed Email Domains** field for OIDC and SAML.
References
  1. Avoid passive voice overuse and write in second person ('you') when addressing users. (link)

Comment thread tidb-cloud/tidb-cloud-org-sso-authentication.md Outdated
Comment thread tidb-cloud/tidb-cloud-org-sso-authentication.md Outdated
Comment thread tidb-cloud/tidb-cloud-org-sso-authentication.md Outdated
Comment thread tidb-cloud/tidb-cloud-org-sso-authentication.md Outdated
Comment thread tidb-cloud/tidb-cloud-org-sso-authentication.md Outdated
Comment thread tidb-cloud/tidb-cloud-org-sso-authentication.md Outdated
@qiancai qiancai self-assigned this Jun 11, 2026
@qiancai qiancai added translation/no-need No need to translate this PR. area/tidb-cloud This PR relates to the area of TiDB Cloud. labels Jun 11, 2026
@ti-chi-bot ti-chi-bot Bot removed the missing-translation-status This PR does not have translation status info. label Jun 11, 2026
@qiancai @gemini-code-assist
Apply suggestions from code review
ceaaeb9 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@ti-chi-bot

ti-chi-bot Bot commented Jun 11, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from qiancai. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@qiancai qiancai

Labels

area/tidb-cloud This PR relates to the area of TiDB Cloud. contribution This PR is from a community contributor. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. translation/no-need No need to translate this PR.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@awxxxxxx @qiancai