diff --git a/locale/admin-docs.pot b/locale/admin-docs.pot index 20d5c420..36693634 100644 --- a/locale/admin-docs.pot +++ b/locale/admin-docs.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Zammad Admin Documentation pre-release\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-11-14 11:32+0100\n" +"POT-Creation-Date: 2024-11-29 10:47+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -453,7 +453,7 @@ msgstr "" #: ../channels/email/accounts/account-setup.rst:141 #: ../channels/email/accounts/account-setup.rst:264 #: ../manage/webhook/add.rst:72 -#: ../settings/security/third-party/saml.rst:166 +#: ../settings/security/third-party/saml.rst:167 #: ../system/integrations/i-doit.rst:74 msgid "SSL verification" msgstr "" @@ -678,7 +678,7 @@ msgstr "" #: ../channels/email/accounts/account-setup.rst:288 #: ../channels/google/basic-setup.rst:231 #: ../channels/microsoft365/accounts/account-setup.rst:170 -#: ../settings/security/third-party/saml.rst:203 +#: ../settings/security/third-party/saml.rst:204 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2 @@ -3765,8 +3765,8 @@ msgid "OpenId permissions" msgstr "" #: ../channels/microsoft365/accounts/register-app.rst:87 -#: ../settings/security/third-party/saml.rst:79 -#: ../settings/security/third-party/saml.rst:85 +#: ../settings/security/third-party/saml.rst:80 +#: ../settings/security/third-party/saml.rst:86 msgid "``email``" msgstr "" @@ -15540,130 +15540,130 @@ msgid "This guide assumes you are already using SAML within your organization (i msgstr "" #: ../settings/security/third-party/saml.rst:21 -msgid "Please note: Our instructions are based on connecting Zammad with Keycloak." +msgid "Please note: Our instructions below are based on connecting Zammad with Keycloak. We have an additional example about :doc:`connecting Microsoft 365 / Entra with Zammad <./saml-microsoft>`." msgstr "" -#: ../settings/security/third-party/saml.rst:25 +#: ../settings/security/third-party/saml.rst:26 msgid "Step 1: Configure Your IdP" msgstr "" -#: ../settings/security/third-party/saml.rst:28 +#: ../settings/security/third-party/saml.rst:29 msgid "Add Zammad as a Client/App" msgstr "" -#: ../settings/security/third-party/saml.rst:30 +#: ../settings/security/third-party/saml.rst:31 msgid "Import Zammad into your IdP using the XML configuration found at ``https://your.zammad.domain/auth/saml/metadata``." msgstr "" -#: ../settings/security/third-party/saml.rst:33 +#: ../settings/security/third-party/saml.rst:34 msgid "If your IdP doesn't support XML import, you will have to configure Zammad as a new client/app manually using the above XML metadata file for reference." msgstr "" -#: ../settings/security/third-party/saml.rst:36 +#: ../settings/security/third-party/saml.rst:37 msgid "For instance, when you see this tag:" msgstr "" -#: ../settings/security/third-party/saml.rst:42 +#: ../settings/security/third-party/saml.rst:43 msgid "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as **Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``." msgstr "" -#: ../settings/security/third-party/saml.rst:47 +#: ../settings/security/third-party/saml.rst:48 msgid "Set Up User Attribute Mapping" msgstr "" -#: ../settings/security/third-party/saml.rst:49 +#: ../settings/security/third-party/saml.rst:50 msgid "Zammad requests the following user attributes (or “properties”) from the IdP:" msgstr "" -#: ../settings/security/third-party/saml.rst:51 +#: ../settings/security/third-party/saml.rst:52 msgid "Email address (``email``)" msgstr "" -#: ../settings/security/third-party/saml.rst:52 +#: ../settings/security/third-party/saml.rst:53 msgid "Full name (``name``)" msgstr "" -#: ../settings/security/third-party/saml.rst:53 +#: ../settings/security/third-party/saml.rst:54 msgid "Given name (``first_name``)" msgstr "" -#: ../settings/security/third-party/saml.rst:54 +#: ../settings/security/third-party/saml.rst:55 msgid "Family name (``last_name``)" msgstr "" -#: ../settings/security/third-party/saml.rst:56 +#: ../settings/security/third-party/saml.rst:57 msgid "You may need to set up “mappers” (or “mappings”) to tell your IdP how user attributes in SAML correspond to those in Zammad. For a more detailed breakdown, refer to the XML metadata file referenced in the previous section." msgstr "" -#: ../settings/security/third-party/saml.rst:62 +#: ../settings/security/third-party/saml.rst:63 msgid "Per-IdP Instructions" msgstr "" -#: ../settings/security/third-party/saml.rst:102 +#: ../settings/security/third-party/saml.rst:103 msgid "Keycloak" msgstr "" -#: ../settings/security/third-party/saml.rst:65 +#: ../settings/security/third-party/saml.rst:66 msgid "**To add Zammad as a client,** save the XML configuration to disk (``https://your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > Import client** in the Keycloak admin panel." msgstr "" -#: ../settings/security/third-party/saml.rst:70 +#: ../settings/security/third-party/saml.rst:71 msgid "To help Zammad **match its own user accounts to Keycloak users**, create a user attribute (or “property”) mapper. In **Clients list**, click on your newly created Client ID, choose the tab **Client scopes** and click on the link which refers to your Zammad instance. Choose **Add mapper > By configuration > User Property** and create a mapper with the following entries:" msgstr "" -#: ../settings/security/third-party/saml.rst:78 +#: ../settings/security/third-party/saml.rst:79 msgid "**Name**" msgstr "" -#: ../settings/security/third-party/saml.rst:80 +#: ../settings/security/third-party/saml.rst:81 msgid "**Mapper Type**" msgstr "" -#: ../settings/security/third-party/saml.rst:81 +#: ../settings/security/third-party/saml.rst:82 msgid "``User Property``" msgstr "" -#: ../settings/security/third-party/saml.rst:82 +#: ../settings/security/third-party/saml.rst:83 msgid "**Property**" msgstr "" -#: ../settings/security/third-party/saml.rst:83 +#: ../settings/security/third-party/saml.rst:84 msgid "``emailAddress``" msgstr "" -#: ../settings/security/third-party/saml.rst:84 +#: ../settings/security/third-party/saml.rst:85 msgid "**SAML Attribute Name**" msgstr "" -#: ../settings/security/third-party/saml.rst:86 +#: ../settings/security/third-party/saml.rst:87 msgid "**SAML Attribute NameFormat**" msgstr "" -#: ../settings/security/third-party/saml.rst:87 +#: ../settings/security/third-party/saml.rst:88 msgid "``basic``" msgstr "" -#: ../settings/security/third-party/saml.rst:89 +#: ../settings/security/third-party/saml.rst:90 msgid "In the example above, we're telling Zammad that whenever it receives a SAML login request, it should take the ``email`` property from Keycloak, look for a Zammad user with the same ``email`` attribute, and create a new session for that user." msgstr "" -#: ../settings/security/third-party/saml.rst:95 +#: ../settings/security/third-party/saml.rst:96 msgid "If your Keycloak users' email addresses are stored on another property (*e.g.,* ``username``), adjust accordingly." msgstr "" -#: ../settings/security/third-party/saml.rst:98 +#: ../settings/security/third-party/saml.rst:99 msgid "Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/saml/metadata``) in the field **Master SAML Processing URL**." msgstr "" -#: ../settings/security/third-party/saml.rst:101 +#: ../settings/security/third-party/saml.rst:102 msgid "You also need to enable **Sign assertions**." msgstr "" -#: ../settings/security/third-party/saml.rst:105 +#: ../settings/security/third-party/saml.rst:106 msgid "Step 2: Configure Zammad" msgstr "" -#: ../settings/security/third-party/saml.rst:107 +#: ../settings/security/third-party/saml.rst:108 msgid "Enable SAML and enter your IdP's details in the Admin Panel under **Settings > Security > Third Party Applications > Authentication via SAML**:" msgstr "" @@ -15671,79 +15671,79 @@ msgstr "" msgid "Example configuration of SAML part 1" msgstr "" -#: ../settings/security/third-party/saml.rst:119 +#: ../settings/security/third-party/saml.rst:120 msgid "Display name" msgstr "" -#: ../settings/security/third-party/saml.rst:116 +#: ../settings/security/third-party/saml.rst:117 msgid "Allows you to define a custom button name for SAML. This helps your users to understand better what the button on the login page does." msgstr "" -#: ../settings/security/third-party/saml.rst:119 +#: ../settings/security/third-party/saml.rst:120 msgid "Defaults to ``SAML``." msgstr "" -#: ../settings/security/third-party/saml.rst:123 +#: ../settings/security/third-party/saml.rst:124 msgid "IDP SSO target URL" msgstr "" -#: ../settings/security/third-party/saml.rst:122 +#: ../settings/security/third-party/saml.rst:123 msgid "This is the target URL Zammad shall redirect to when the user presses the SAML button. For Keycloak, this needs to look like https://your.domain/realms/your-realm/protocol/saml" msgstr "" -#: ../settings/security/third-party/saml.rst:127 +#: ../settings/security/third-party/saml.rst:128 msgid "IDP single logout target URL" msgstr "" -#: ../settings/security/third-party/saml.rst:126 +#: ../settings/security/third-party/saml.rst:127 msgid "This is the URL to which the single logout request and response should be sent." msgstr "" -#: ../settings/security/third-party/saml.rst:131 +#: ../settings/security/third-party/saml.rst:132 msgid "IDP certificate" msgstr "" -#: ../settings/security/third-party/saml.rst:130 +#: ../settings/security/third-party/saml.rst:131 msgid "The public certificate of your IDP for Zammad to verify during the callback phase." msgstr "" -#: ../settings/security/third-party/saml.rst:145 +#: ../settings/security/third-party/saml.rst:146 msgid "IDP certificate fingerprint" msgstr "" -#: ../settings/security/third-party/saml.rst:134 +#: ../settings/security/third-party/saml.rst:135 msgid "The fingerprint of your IDPs public certificate to verify during callback phase." msgstr "" -#: ../settings/security/third-party/saml.rst:137 +#: ../settings/security/third-party/saml.rst:138 msgid "🔏 **For the IdP certificate / certificate fingerprint:**" msgstr "" -#: ../settings/security/third-party/saml.rst:139 +#: ../settings/security/third-party/saml.rst:140 msgid "Provide **only one or the other**—do not provide both! (Between the two, we recommend the signing certificate itself: fingerprints use SHA-1, which `has been broken for a while now `_.)" msgstr "" -#: ../settings/security/third-party/saml.rst:144 +#: ../settings/security/third-party/saml.rst:145 msgid "**Keycloak users:** Find your certificate in the Keycloak admin panel under **Realm Settings > Keys > Algorithm: RS256 > Certificate**." msgstr "" -#: ../settings/security/third-party/saml.rst:151 +#: ../settings/security/third-party/saml.rst:152 msgid "Name identifier format" msgstr "" -#: ../settings/security/third-party/saml.rst:148 +#: ../settings/security/third-party/saml.rst:149 msgid "This is the unique identifiers field type. Usually it should be ``urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress``." msgstr "" -#: ../settings/security/third-party/saml.rst:151 +#: ../settings/security/third-party/saml.rst:152 msgid "Zammad **expects an email address as unique identifier**!" msgstr "" -#: ../settings/security/third-party/saml.rst:155 +#: ../settings/security/third-party/saml.rst:156 msgid "UID attribute name" msgstr "" -#: ../settings/security/third-party/saml.rst:154 +#: ../settings/security/third-party/saml.rst:155 msgid "Here you can define an attribute that uniquely identifies the user. If unset, the name identifier returned by the IDP is used." msgstr "" @@ -15751,86 +15751,214 @@ msgstr "" msgid "Example configuration of SAML part 2" msgstr "" -#: ../settings/security/third-party/saml.rst:163 +#: ../settings/security/third-party/saml.rst:164 msgid "Decide if the certificate for the connection to the IdP service has to be verified or not (default: ``yes``)." msgstr "" -#: ../settings/security/third-party/saml.rst:169 +#: ../settings/security/third-party/saml.rst:170 msgid "Signing & Encrypting" msgstr "" -#: ../settings/security/third-party/saml.rst:169 +#: ../settings/security/third-party/saml.rst:170 msgid "Define if you want to sign, encrypt, do both or nothing for the requests." msgstr "" -#: ../settings/security/third-party/saml.rst:179 +#: ../settings/security/third-party/saml.rst:180 msgid "Certificate (PEM)" msgstr "" -#: ../settings/security/third-party/saml.rst:172 +#: ../settings/security/third-party/saml.rst:173 msgid "Paste the public certificate of your Zammad SAML client, if you want to encrypt the requests." msgstr "" -#: ../settings/security/third-party/saml.rst:175 +#: ../settings/security/third-party/saml.rst:176 msgid "Make sure the certificate is:" msgstr "" -#: ../settings/security/third-party/saml.rst:177 +#: ../settings/security/third-party/saml.rst:178 msgid "already valid and not yet expired" msgstr "" -#: ../settings/security/third-party/saml.rst:178 +#: ../settings/security/third-party/saml.rst:179 msgid "no CA certificate" msgstr "" -#: ../settings/security/third-party/saml.rst:179 +#: ../settings/security/third-party/saml.rst:180 msgid "valid for signing and encrypting" msgstr "" -#: ../settings/security/third-party/saml.rst:185 +#: ../settings/security/third-party/saml.rst:186 msgid "Private key (PEM)" msgstr "" -#: ../settings/security/third-party/saml.rst:182 +#: ../settings/security/third-party/saml.rst:183 msgid "Paste the private key of your Zammad SAML client here, if you want to sign the requests." msgstr "" -#: ../settings/security/third-party/saml.rst:185 +#: ../settings/security/third-party/saml.rst:186 msgid "Make sure the key is an RSA key with a length of at least 2048 bits." msgstr "" -#: ../settings/security/third-party/saml.rst:188 +#: ../settings/security/third-party/saml.rst:189 msgid "Private key secret" msgstr "" -#: ../settings/security/third-party/saml.rst:188 +#: ../settings/security/third-party/saml.rst:189 msgid "If your private key is secured with a secret, you can provide it here." msgstr "" -#: ../settings/security/third-party/saml.rst:192 +#: ../settings/security/third-party/saml.rst:193 msgid "Your callback URL" msgstr "" -#: ../settings/security/third-party/saml.rst:191 +#: ../settings/security/third-party/saml.rst:192 msgid "This URL is needed for your IdP configuration so it knows where to redirect to after successful authentication." msgstr "" -#: ../settings/security/third-party/saml.rst:194 +#: ../settings/security/third-party/saml.rst:195 msgid "After saving your input by clicking on the \"Submit\" button, Zammad verifies the provided keys/certificates (e.g. if they are valid for signing/encrypting and if they aren't expired)." msgstr "" -#: ../settings/security/third-party/saml.rst:199 +#: ../settings/security/third-party/saml.rst:200 msgid "See :ref:`automatic account linking ` for details on how to link existing Zammad accounts to IdP accounts." msgstr "" -#: ../settings/security/third-party/saml.rst:205 +#: ../settings/security/third-party/saml.rst:206 msgid "Automatic account linking doesn't work" msgstr "" -#: ../settings/security/third-party/saml.rst:206 +#: ../settings/security/third-party/saml.rst:207 msgid "Have you double-checked your IdP's user attribute mapping configuration?" msgstr "" +#: ../settings/security/third-party/saml-microsoft.rst:2 +msgid "SAML with Microsoft 365" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:5 +msgid "1. Register Zammad as an Application in Microsoft Entra ID" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:7 +msgid "Log in to the Microsoft Entra admin center with administrative rights" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:8 +msgid "Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\"" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:9 +msgid "Click \"New Application\" and select \"Create your own application\"" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:10 +msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\"" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:11 +msgid "Choose \"Integrate any other application you don't find in the gallery\", then click \"Create\"" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:15 +msgid "1. Configure SAML-based Single Sign-On (SSO)" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:17 +msgid "After the application is created, go to its overview page" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:18 +msgid "Select \"Single sign-on\" from the left-hand menu" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:19 +msgid "Choose \"SAML\" as the sign-on method" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:20 +msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:22 +msgid "Identifier (Entity ID): Use Zammad's Entity ID, which can be found at ``https://your.zammad.domain/auth/saml/metadata``" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:24 +msgid "Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad.domain/auth/saml/callback``" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:27 +msgid "Save the configuration" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:30 +msgid "3. Configure User Attributes and Claims Mapping" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:32 +msgid "In the \"Attributes & Claims\" section, click \"Edit\". By default, some claims like User Principal Name, Email Address, First Name, and Last Name are already configured." +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:None +msgid "Screenshots showing \"Attribute & Claims\" configuration in Entra admin center" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:41 +msgid "4. Download the SAML Certificate" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:43 +msgid "In the \"SAML Signing Certificate\" section, download the \"Certificate (Base64)\":" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:None +msgid "Screenshot showing the highlighted certificate export already" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:51 +msgid "5. Configure Zammad" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:53 +msgid "Log in to Zammad as an administrator" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:54 +msgid "In the admin panel go to \"Settings\" > \"Security\" > \"Third-party Applications\" > \"Authentication via SAML\"" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:56 +msgid "Provide the following information:" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:58 +msgid "SAML IdP Login URL: The Login URL from the Microsoft Entra Admin Center." +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:59 +msgid "SAML IdP Logout URL: The Logout URL from the Microsoft Entra Admin Center." +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:61 +msgid "Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress``" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:62 +msgid "SAML IdP Certificate: Upload the previously downloaded Base64 certificate." +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:63 +msgid "Save the settings" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:66 +msgid "1. Assign Users" +msgstr "" + +#: ../settings/security/third-party/saml-microsoft.rst:68 +msgid "In Microsoft Entra ID, assign the relevant users to the Zammad application to grant them access." +msgstr "" + #: ../settings/security/third-party/twitter.rst:4 msgid "It is possible to create a quick login for your helpdesk via Twitter. To do so, you need to follow these steps:" msgstr ""