diff --git a/apps/docs/components/Navigation/NavigationMenu/NavigationMenu.constants.ts b/apps/docs/components/Navigation/NavigationMenu/NavigationMenu.constants.ts
index 2261a910b0..f39acf544d 100644
--- a/apps/docs/components/Navigation/NavigationMenu/NavigationMenu.constants.ts
+++ b/apps/docs/components/Navigation/NavigationMenu/NavigationMenu.constants.ts
@@ -481,6 +481,7 @@ export const platform = {
name: 'Platform Management',
url: undefined,
items: [
+ { name: 'Access Control', url: '/guides/platform/access-control', items: [] },
{ name: 'Database Usage', url: '/guides/platform/database-usage', items: [] },
{ name: 'Logging', url: '/guides/platform/logs', items: [] },
{ name: 'Metrics', url: '/guides/platform/metrics', items: [] },
@@ -494,6 +495,24 @@ export const platform = {
{ name: 'Permissions', url: '/guides/platform/permissions', items: [] },
],
},
+ {
+ name: 'Single sign-on',
+ url: undefined,
+ items: [
+ {
+ name: 'Enable SSO for your organization',
+ url: '/guides/platform/sso',
+ items: [],
+ },
+ { name: 'SSO with Azure AD', url: '/guides/platform/sso/azure', items: [] },
+ {
+ name: 'SSO with Google Workspace',
+ url: '/guides/platform/sso/gsuite',
+ items: [],
+ },
+ { name: 'SSO with Okta', url: '/guides/platform/sso/okta', items: [] },
+ ],
+ },
{
name: 'Go-live Checklist',
url: undefined,
diff --git a/apps/docs/pages/guides/auth/passwordless-login/email-otp-magic-link.mdx b/apps/docs/pages/guides/auth/passwordless-login/email-otp-magic-link.mdx
index 181954436a..da78296f4b 100644
--- a/apps/docs/pages/guides/auth/passwordless-login/email-otp-magic-link.mdx
+++ b/apps/docs/pages/guides/auth/passwordless-login/email-otp-magic-link.mdx
@@ -37,6 +37,9 @@ When your user signs in, call [signInWithOtp()](/docs/reference/javascript/auth-
async function signInWithEmail() {
const { data, error } = await supabase.auth.signInWithOtp({
email: 'example@email.com',
+ options: {
+ emailRedirectTo: 'https://example.com/welcome',
+ },
})
}
```
diff --git a/apps/docs/pages/guides/platform.mdx b/apps/docs/pages/guides/platform.mdx
index a713064e77..8f734fdcd7 100644
--- a/apps/docs/pages/guides/platform.mdx
+++ b/apps/docs/pages/guides/platform.mdx
@@ -25,50 +25,7 @@ Each project on Supabase comes with:
## Organizations
Organizations are a way to group your projects. Each organization can be configured with different team members and billing settings.
-
-## Manage team members
-
-You can invite your team members into your organizations to collaborate on projects.
-
-
-
-You can also assign roles to your team members with different access levels. The table below shows the corresponding permissions for each available role in the Dashboard.
-
-| Permissions | Owner | Administrator | Developer |
-| ------------------------ | ----- | ------------- | --------- |
-| **Organization** |
-| Change organization name | ✅ | | |
-| Delete organization | ✅ | | |
-| **Members** |
-| Add an Owner | ✅ | | |
-| Remove an Owner | ✅ | | |
-| Add an Administrator | ✅ | ✅ | |
-| Remove an Administrator | ✅ | ✅ | |
-| Add a Developer | ✅ | ✅ | |
-| Remove a Developer | ✅ | ✅ | |
-| Revoke an invite | ✅ | ✅ | |
-| Resend an invite | ✅ | ✅ | |
-| **Billing** |
-| Read invoices | ✅ | ✅ | ✅ |
-| Read billing email | ✅ | ✅ | ✅ |
-| Change billing email | ✅ | | |
-| View subscription | ✅ | ✅ | ✅ |
-| Update subscription | ✅ | ✅ | |
-| Read billing address | ✅ | ✅ | ✅ |
-| Update billing address | ✅ | ✅ | |
-| Read tax codes | ✅ | ✅ | ✅ |
-| Update tax codes | ✅ | ✅ | |
-| Read payment methods | ✅ | ✅ | ✅ |
-| Update payment methods | ✅ | ✅ | |
-| **Projects** |
-| Create a project | ✅ | ✅ | |
-| Delete a project | ✅ | ✅ | |
-| Update a project | ✅ | ✅ | |
-| Pause a project | ✅ | ✅ | |
-| Resume a project | ✅ | ✅ | |
-| Restart a project | ✅ | ✅ | ✅ |
+Refer to [access control](/docs/guides/platform/access-control) for more information on how to manage team members within an organization.
## Platform status
diff --git a/apps/docs/pages/guides/platform/access-control.mdx b/apps/docs/pages/guides/platform/access-control.mdx
new file mode 100644
index 0000000000..f470d14af9
--- /dev/null
+++ b/apps/docs/pages/guides/platform/access-control.mdx
@@ -0,0 +1,85 @@
+import Layout from '~/layouts/DefaultGuideLayout'
+
+export const meta = {
+ title: 'Access Control',
+ description: 'Roles and permissions at the organization level',
+}
+
+Supabase provides granular access control features that let you manage permissions across your organizations.
+
+Within a Supabase organization, a member can have one of the following roles:
+
+- Owner
+- Administrator
+- Developer
+
+A default organization is created for a user when they first sign-in and
+assigned the **Owner** role. If the user wants to invite others
+to collaborate within the organization, they can visit the organization team
+settings (`https://app.supabase.com/org//settings#team`) to send an
+invite link to another user's email. The invite expires after 24 hours.
+
+Invites sent from a SSO account can only be accepted by another SSO account
+coming from the same identity provider. This is a security measure that
+prevents accidental invites to accounts not managed by your company's
+enterprise systems.
+
+Project level invites are not available at this time. A member of the
+organization will be able to access all projects under the organization. If you
+wish to restrict access to certain projects, please create another organization
+to manage this.
+
+## Manage team members
+
+You can invite your team members into your organizations to collaborate on projects.
+
+
+
+### Permissions across roles [#permission-across-roles]
+
+The table below shows the corresponding permissions for each available role you can assign a team member in the Dashboard.
+
+| Permissions | Owner | Administrator | Developer |
+| ------------------------ | ----- | ------------- | --------- |
+| **Organization** |
+| Change organization name | ✅ | | |
+| Delete organization | ✅ | | |
+| **Members** |
+| Add an Owner | ✅ | | |
+| Remove an Owner | ✅ | | |
+| Add an Administrator | ✅ | ✅ | |
+| Remove an Administrator | ✅ | ✅ | |
+| Add a Developer | ✅ | ✅ | |
+| Remove a Developer | ✅ | ✅ | |
+| Revoke an invite | ✅ | ✅ | |
+| Resend an invite | ✅ | ✅ | |
+| Accept an invite[^1] | ✅ | ✅ | ✅ |
+| **Billing** |
+| Read invoices | ✅ | ✅ | ✅ |
+| Read billing email | ✅ | ✅ | ✅ |
+| Change billing email | ✅ | | |
+| View subscription | ✅ | ✅ | ✅ |
+| Update subscription | ✅ | ✅ | |
+| Read billing address | ✅ | ✅ | ✅ |
+| Update billing address | ✅ | ✅ | |
+| Read tax codes | ✅ | ✅ | ✅ |
+| Update tax codes | ✅ | ✅ | |
+| Read payment methods | ✅ | ✅ | ✅ |
+| Update payment methods | ✅ | ✅ | |
+| **Projects** |
+| Create a project | ✅ | ✅ | |
+| Delete a project | ✅ | ✅ | |
+| Update a project | ✅ | ✅ | |
+| Pause a project | ✅ | ✅ | |
+| Resume a project | ✅ | ✅ | |
+| Restart a project | ✅ | ✅ | ✅ |
+
+[^1]:
+ If the invite was sent from a SSO account, it can only be accepted from
+ a user signed in via the same identity provider.
+
+export const Page = ({ children }) =>
+
+export default Page
diff --git a/apps/docs/pages/guides/platform/sso.mdx b/apps/docs/pages/guides/platform/sso.mdx
new file mode 100644
index 0000000000..8868b0dfbf
--- /dev/null
+++ b/apps/docs/pages/guides/platform/sso.mdx
@@ -0,0 +1,54 @@
+import Layout from '~/layouts/DefaultGuideLayout'
+
+export const meta = {
+ title: 'Enable SSO for Your Organization',
+ description: 'General information about enabling single sign-on (SSO) for your organization',
+}
+
+Supabase offers single sign-on (SSO) as a login option to provide additional
+account security for your team. This allows company administrators to enforce
+the use of an identity provider when logging into Supabase. SSO
+improves the onboarding and offboarding experience of the company as the
+employee only needs a single set of credentials to access third-party
+applications or tools—which can also be revoked easily by an administrator.
+
+
+
+Supabase currently provides SAML SSO. Please contact [Enterprise
+Sales](https://supabase.com/contact/enterprise) to have this enabled for your
+organization.
+
+
+
+## Understanding setup and implications
+
+Accounts signing in with SSO have certain limitations.
+The following sections outline the limitations when SSO is enabled or disabled for your team.
+
+### Enable SSO for your team [#enable-sso]
+
+- Organization invites are restricted to members of the company that belong to
+ the same identity provider.
+- Every user has an organization created by default. They can create as many
+ projects as they want.
+- An SSO user will not be able to update their password or reset their
+ password since their access is managed by the company administrator via the
+ identity provider.
+- If an SSO user with the following email of `alice@foocorp.com` attempts to
+ sign-in with a GitHub account that uses the same email, a separate Supabase
+ account is created and will not be linked to the SSO user's account.
+- An SSO user will not be able to see all organizations / projects created
+ under the same identity provider. They will need to be invited to the
+ Supabase organization first. Refer to [access control](/docs/guides/platform/access-control)
+ for more information.
+
+### Disable SSO for your team [#disable-sso]
+
+- You can prevent a user's account from further access to Supabase by removing
+ or disabling their account in your identity provider.
+- You should also remove or downgrade their permissions from any organizations
+ inside Supabase.
+
+export const Page = ({ children }) =>
+
+export default Page
diff --git a/apps/docs/pages/guides/platform/sso/azure.mdx b/apps/docs/pages/guides/platform/sso/azure.mdx
new file mode 100644
index 0000000000..c1a888fc22
--- /dev/null
+++ b/apps/docs/pages/guides/platform/sso/azure.mdx
@@ -0,0 +1,128 @@
+import Layout from '~/layouts/DefaultGuideLayout'
+import { Button, IconArrowDown } from 'ui'
+
+export const meta = {
+ title: 'Set Up SSO with Azure AD',
+ description: 'Configure single sign-on with Azure AD (Microsoft Entra).',
+}
+
+Supabase supports single sign-on (SSO) using Microsoft Azure AD.
+
+## Step 1: Add and register an Enterprise Application [#add-and-register-enterprise-application]
+
+Open up the [Azure Active
+Directory](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview)
+dashboard for your Azure account.
+
+Click the _Add_ button then _Enterprise application_.
+
+
+
+## Step 2: Choose Create your own application [#create-application]
+
+You'll be using the custom enterprise application setup for Supabase.
+
+
+
+## Step 3: Fill in application details [#add-application-details]
+
+In the modal titled _Create your own application_ enter the name you wish
+Supabase to be available to your Azure AD users. `Supabase` works in most
+cases.
+
+Make sure to choose the third option: _Integrate any other application you
+don't find in the gallery (Non-gallery)_.
+
+
+
+## Step 4: Choose the Set up single sign-on option [#set-up-single-sign-on]
+
+Before you get to assigning users and groups, which would allow accounts in
+Azure AD to access Supabase, you need to configure the SAML details that allows
+Supabase to accept sign in requests from Azure AD.
+
+
+
+## Step 5: Select SAML single sign-on method [#saml-sso]
+
+Supabase only supports the SAML 2.0 protocol for Single Sign-On, which is an
+industry standard.
+
+
+
+## Step 6: Upload SAML-based Sign-on metadata file [#upload-saml-metadata]
+
+First you need to download Supabase's SAML metadata file. Click the button
+below to initiate a download of the file.
+
+
+ }>
+ Download Supabase SAML Metadata File
+
+
+
+Alternatively, visit this page to initiate a download: `https://alt.supabase.io/auth/v1/sso/saml/metadata?download=true`
+
+Click on the _Upload metadata file_ option in the toolbar and select the file
+you just downloaded.
+
+
+
+All of the correct information should automatically populate the _Basic SAML
+Configuration_ screen as shown.
+
+
+
+**Make sure you input these additional settings.**
+
+| Setting | Value |
+| ----------- | -------------------------------------- |
+| Sign on URL | `https://app.supabase.com/sign-in-sso` |
+| Relay State | `https://app.supabase.com` |
+
+Finally, click the _Save_ button to save the configuration.
+
+## Step 7: Obtain metadata URL and send to Supabase [#send-metadata-url]
+
+Supabase needs to finalize enabling single sign-on with your Azure AD
+application. To do this, please copy and send the link under **App Federation
+Metadata Url** in \*section 3 **SAML Certificates\*** to your support
+contact and await further instructions. If you're not clear who to send this
+link to or need further assistance, please reach out to
+[support@supabase.com](mailto:support@supabase.com).
+
+**Do not test the login until you have heard back from the support contact.**
+
+
+
+## Step 8: Wait for confirmation [#confirmation]
+
+Please wait for confirmation or further instructions from your support contact
+at Supabase before proceeding to the next step. It usually takes us 1 business
+day to configure SSO for you.
+
+## Step 9: Test single sign-on [#testing]
+
+_Testing sign-on before your Azure AD has been registered with Supabase will
+not work. Make sure you've received confirmation from your support contact at
+Supabase as laid out in the [confirmation](#confirmation) step._
+
+Once you’ve received confirmation from your support contact at Supabase that
+SSO setup has been completed for your enterprise, you can ask some of your
+users to sign in via their Azure AD account.
+
+You ask them to enter their email address on the [Sign in with
+SSO](https://app.supabase.com/sign-in-sso) page.
+
+If sign in is not working correctly, please reach out to your support contact
+at Supabase for further guidance.
+
+export const Page = ({ children }) =>
+
+export default Page
diff --git a/apps/docs/pages/guides/platform/sso/gsuite.mdx b/apps/docs/pages/guides/platform/sso/gsuite.mdx
new file mode 100644
index 0000000000..3995999c68
--- /dev/null
+++ b/apps/docs/pages/guides/platform/sso/gsuite.mdx
@@ -0,0 +1,123 @@
+import Layout from '~/layouts/DefaultGuideLayout'
+
+export const meta = {
+ title: 'Set Up SSO with Google Workspace',
+ description: 'Configure single sign-on with Google Workspace (GSuite).',
+}
+
+Supabase supports single sign-on (SSO) using Google Workspace (formerly known
+as GSuite).
+
+## Step 1: Open the Google Workspace Web and mobile apps console [#google-workspace-console]
+
+
+
+## Step 2: Choose Add custom SAML app [#add-custom-saml-app]
+
+From the _Add app_ button in the toolbar choose _Add custom SAML app_.
+
+
+
+## Step 3: Fill out app details [#add-app-details]
+
+The information you enter here is for visibility into your Google Workspace.
+You can choose any values you like. `Supabase` as a name works well for most
+use cases. Optionally enter a description.
+
+
+
+## Step 4: Download IdP metadata [#download-idp-metadata]
+
+This is a very important step. Click on _DOWNLOAD METADATA_ and save the file
+that was downloaded.
+
+
+
+It's very important to send this file to your support contact at Supabase to
+complete the SSO setup process. If you're not sure where to send this file, you
+can always reach us at [support@supabase.com](mailto:support@supabase.com).
+
+**Important: Make sure the certificate as shown on screen has at least 1 year
+before it expires. Mark down this date in your calendar so you will be reminded
+that you need to update the certificate without any downtime for your users.**
+
+## Step 5: Add service provider details [#add-service-provider-details]
+
+Fill out these serivce provider details on the next screen.
+
+| Detail | Value |
+| -------------- | --------------------------------------------------- |
+| ACS URL | `https://alt.supabase.io/auth/v1/sso/saml/acs` |
+| Entity ID | `https://alt.supabase.io/auth/v1/sso/saml/metadata` |
+| Start URL | `https://app.supabase.com` |
+| Name ID format | PERSISTENT |
+| Name ID | _Basic Information > Primary email_ |
+
+
+
+## Step 6: Configure Attribute mapping [#configure-attribute-mapping]
+
+Attribute mappings allow Supabase to get information about your Google
+Workspace users on each login.
+
+**A _Primary email_ to `email` mapping is required to exist.** Other mappings
+shown below are optional and configurable depending on your Google Workspace
+setup. If in doubt, replicate the same config as shown.
+
+Please share any changes, if any, from this screen with your Supabase support
+contact.
+
+
+
+## Step 7: Wait for confirmation [#confirmation]
+
+Once you’ve configured the Google Workspace app as shown above, make sure you
+send the [metadata file you downloaded](#download-idp-metadata)
+and information regarding the [attribute mapping](#configure-attribute-mappings) (if any
+changes are applicable) to your support contact at Supabase.
+
+This information needs to be entered into Supabase before SSO is activated
+end-to-end.
+
+Wait for confirmation that this information has successfully been added to
+Supabase. It usually takes us 1 business day to configure this information
+for you.
+Supabase.
+
+## Step 8: Configure user access [#configure-user-access]
+
+You can configure which Google Workspace user accounts will get access to
+Supabase. This is important if you wish to limit access to your software
+engineering teams.
+
+You can configure this access by clicking on the _User
+access_ card (or down-arrow). Follow the instructions on screen.
+
+Changes from this step sometimes take a while to propagate across Google’s
+systems. Please wait at least 15 minutes before proceeding to the next step.
+
+
+
+## Step 9: Test single sign-on [#testing]
+
+Once you’ve turned on access to Supabase for users in your organization, ask
+one of those users to help you out in testing the setup.
+
+It often helps to ask them to log out of their Google account and log back in.
+
+Ask them to enter their email addres in the [Sign in with
+SSO](https://app.supabase.com/sign-in-sso) page.
+
+If sign in is not working correctly, please reach out to your support contact
+at Supabase.
+
+export const Page = ({ children }) =>
+
+export default Page
diff --git a/apps/docs/pages/guides/platform/sso/okta.mdx b/apps/docs/pages/guides/platform/sso/okta.mdx
new file mode 100644
index 0000000000..1d3cdf7d17
--- /dev/null
+++ b/apps/docs/pages/guides/platform/sso/okta.mdx
@@ -0,0 +1,112 @@
+import Layout from '~/layouts/DefaultGuideLayout'
+
+export const meta = {
+ title: 'Set Up SSO with Okta',
+ description: 'Configure single sign-on with Okta.',
+}
+
+Supabase supports single sign-on (SSO) using Okta.
+
+## Step 1: Choose Create App Integration in the Applications dashboard [#create-app-integration]
+
+Navigate to the Applications dashboard of the Okta admin console. Choose the
+_Create App Integration_ button from the toolbar.
+
+
+
+## Step 2: Choose SAML 2.0 in the app integration dialog [#create-saml-app]
+
+Supabase supports the SAML 2.0 SSO protocol. Choose it from the _Create a new
+app integration_ dialog.
+
+
+
+## Step 3: Fill out General Settings [#add-general-settings]
+
+The information you enter here is for visibility into your Okta applications
+menu. You can choose any values you like. `Supabase` as a name works well for
+most use cases.
+
+
+
+## Step 4: Fill out SAML Settings [#add-saml-settings]
+
+These settings let Supabase use SAML 2.0 properly with your Okta application.
+Make sure you enter this information exactly as shown on in this table and
+screenshot.
+
+| Setting | Value |
+| ---------------------------------------------- | ---------------------------------------------------- |
+| Single sign-on URL | `https://app.supabase.com/auth/v1/sso/saml/acs` |
+| Use this for Recipient URL and Destination URL | ✔️ |
+| Audience URI (SP Entity ID) | `https://app.supabase.com/auth/v1/sso/saml/metadata` |
+| Default RelayState | `https://app.supabase.com` |
+| Name ID format | EmailAddress |
+| Application username | Email |
+| Update application username on | Create and update |
+
+
+
+## Step 5: Fill out Attribute Statements [#add-attribute-statements]
+
+Attribute Statements allow Supabase to get information about your Okta users on each login.
+
+**A `email` to `user.email` statement is required to exist.** Other mappings
+shown below are optional and configurable depending on your Okta
+setup. If in doubt, replicate the same config as shown.
+
+Please share any changes, if any, from this screen with your Supabase support
+contact.
+
+
+
+## Step 6: Obtain IdP metadata URL [#idp-metadata-url]
+
+Supabase needs to finalize enabling single sign-on with your Okta
+application.
+
+To do this scroll down to the _SAML Signing Certificates_ section on the _Sign
+On_ tab of the _Supabase_ application. Pick the the _SHA-2_ row with an
+_Active_ status. Click on the _Actions_ dropdown button and then on the _View
+IdP Metadata_.
+
+This will open up the SAML 2.0 Metadata XML file in a new tab in your browser.
+Copy this URL and send it to your support contact and await further
+instructions. If you're not clear who to send this link to or need further
+assistance, please reach out to
+[support@supabase.com](mailto:support@supabase.com).
+
+The link usually has this structure: `https://.okta.com/apps//sso/saml/metadata`
+
+
+
+## Step 7: Wait for confirmation [#confirmation]
+
+Once you’ve configured the Okta app as shown above, make sure you send the
+[metadata URL](#idp-metadata-url) and information regarding the
+[attribute statements](#add-attribute-statements) (if any changes are applicable) to
+your support contact at Supabase.
+
+Wait for confirmation that this information has successfully been added to
+Supabase. It usually takes us 1 business day to configure this information
+for you.
+
+## Step 8: Test single sign-on [#testing]
+
+Once you’ve received confirmation from your support contact at Supabase that
+SSO setup has been completed for your enterprise, you can ask some of your
+users to sign in via their Okta account.
+
+You ask them to enter their email address on the [Sign in with
+SSO](https://app.supabase.com/sign-in-sso) page.
+
+If sign in is not working correctly, please reach out to your support contact
+at Supabase for further guidance.
+
+export const Page = ({ children }) =>
+
+export default Page
diff --git a/apps/docs/public/img/sso-azure-step-01.png b/apps/docs/public/img/sso-azure-step-01.png
new file mode 100644
index 0000000000..2a78633f21
Binary files /dev/null and b/apps/docs/public/img/sso-azure-step-01.png differ
diff --git a/apps/docs/public/img/sso-azure-step-02.png b/apps/docs/public/img/sso-azure-step-02.png
new file mode 100644
index 0000000000..629afad890
Binary files /dev/null and b/apps/docs/public/img/sso-azure-step-02.png differ
diff --git a/apps/docs/public/img/sso-azure-step-03.png b/apps/docs/public/img/sso-azure-step-03.png
new file mode 100644
index 0000000000..0c928c7712
Binary files /dev/null and b/apps/docs/public/img/sso-azure-step-03.png differ
diff --git a/apps/docs/public/img/sso-azure-step-04.png b/apps/docs/public/img/sso-azure-step-04.png
new file mode 100644
index 0000000000..9208701e31
Binary files /dev/null and b/apps/docs/public/img/sso-azure-step-04.png differ
diff --git a/apps/docs/public/img/sso-azure-step-05.png b/apps/docs/public/img/sso-azure-step-05.png
new file mode 100644
index 0000000000..e21bf0c2df
Binary files /dev/null and b/apps/docs/public/img/sso-azure-step-05.png differ
diff --git a/apps/docs/public/img/sso-azure-step-06-1.png b/apps/docs/public/img/sso-azure-step-06-1.png
new file mode 100644
index 0000000000..db94a778ab
Binary files /dev/null and b/apps/docs/public/img/sso-azure-step-06-1.png differ
diff --git a/apps/docs/public/img/sso-azure-step-06-2.png b/apps/docs/public/img/sso-azure-step-06-2.png
new file mode 100644
index 0000000000..d925a68ae6
Binary files /dev/null and b/apps/docs/public/img/sso-azure-step-06-2.png differ
diff --git a/apps/docs/public/img/sso-azure-step-07.png b/apps/docs/public/img/sso-azure-step-07.png
new file mode 100644
index 0000000000..4f8ba5f6c9
Binary files /dev/null and b/apps/docs/public/img/sso-azure-step-07.png differ
diff --git a/apps/docs/public/img/sso-gsuite-step-01.png b/apps/docs/public/img/sso-gsuite-step-01.png
new file mode 100644
index 0000000000..6573728159
Binary files /dev/null and b/apps/docs/public/img/sso-gsuite-step-01.png differ
diff --git a/apps/docs/public/img/sso-gsuite-step-02.png b/apps/docs/public/img/sso-gsuite-step-02.png
new file mode 100644
index 0000000000..b27da23320
Binary files /dev/null and b/apps/docs/public/img/sso-gsuite-step-02.png differ
diff --git a/apps/docs/public/img/sso-gsuite-step-03.png b/apps/docs/public/img/sso-gsuite-step-03.png
new file mode 100644
index 0000000000..6f5b3d5c1f
Binary files /dev/null and b/apps/docs/public/img/sso-gsuite-step-03.png differ
diff --git a/apps/docs/public/img/sso-gsuite-step-04.png b/apps/docs/public/img/sso-gsuite-step-04.png
new file mode 100644
index 0000000000..2247e4ee7b
Binary files /dev/null and b/apps/docs/public/img/sso-gsuite-step-04.png differ
diff --git a/apps/docs/public/img/sso-gsuite-step-05.png b/apps/docs/public/img/sso-gsuite-step-05.png
new file mode 100644
index 0000000000..7a6ebc7512
Binary files /dev/null and b/apps/docs/public/img/sso-gsuite-step-05.png differ
diff --git a/apps/docs/public/img/sso-gsuite-step-06.png b/apps/docs/public/img/sso-gsuite-step-06.png
new file mode 100644
index 0000000000..12041ae849
Binary files /dev/null and b/apps/docs/public/img/sso-gsuite-step-06.png differ
diff --git a/apps/docs/public/img/sso-gsuite-step-08.png b/apps/docs/public/img/sso-gsuite-step-08.png
new file mode 100644
index 0000000000..6fe31d9f15
Binary files /dev/null and b/apps/docs/public/img/sso-gsuite-step-08.png differ
diff --git a/apps/docs/public/img/sso-okta-step-01.png b/apps/docs/public/img/sso-okta-step-01.png
new file mode 100644
index 0000000000..97db30227e
Binary files /dev/null and b/apps/docs/public/img/sso-okta-step-01.png differ
diff --git a/apps/docs/public/img/sso-okta-step-02.png b/apps/docs/public/img/sso-okta-step-02.png
new file mode 100644
index 0000000000..e158d00ad5
Binary files /dev/null and b/apps/docs/public/img/sso-okta-step-02.png differ
diff --git a/apps/docs/public/img/sso-okta-step-03.png b/apps/docs/public/img/sso-okta-step-03.png
new file mode 100644
index 0000000000..ca7ff2495a
Binary files /dev/null and b/apps/docs/public/img/sso-okta-step-03.png differ
diff --git a/apps/docs/public/img/sso-okta-step-04.png b/apps/docs/public/img/sso-okta-step-04.png
new file mode 100644
index 0000000000..11c01388e7
Binary files /dev/null and b/apps/docs/public/img/sso-okta-step-04.png differ
diff --git a/apps/docs/public/img/sso-okta-step-05.png b/apps/docs/public/img/sso-okta-step-05.png
new file mode 100644
index 0000000000..bcfd4b8f97
Binary files /dev/null and b/apps/docs/public/img/sso-okta-step-05.png differ
diff --git a/apps/docs/public/img/sso-okta-step-06.png b/apps/docs/public/img/sso-okta-step-06.png
new file mode 100644
index 0000000000..b925dac97a
Binary files /dev/null and b/apps/docs/public/img/sso-okta-step-06.png differ
diff --git a/spec/supabase_js_v2.yml b/spec/supabase_js_v2.yml
index 591201a8a6..8899420a2c 100644
--- a/spec/supabase_js_v2.yml
+++ b/spec/supabase_js_v2.yml
@@ -212,6 +212,7 @@ functions:
notes: |
- Requires either an email or phone number.
- This method is used for passwordless sign-ins where a OTP is sent to the user's email or phone number.
+ - If the user doesn't exist, `signInWithOtp()` will signup the user instead. To restrict this behaviour, you can set `shouldCreateUser` in `SignInWithPasswordlessCredentials.options` to `false`.
- If you're using an email, you can configure whether you want the user to receive a magiclink or a OTP.
- If you're using phone, you can configure whether you want the user to receive a OTP.
- The magic link's destination URL is determined by the [`SITE_URL`](https://supabase.com/docs/reference/auth/config#site_url). You can modify the `SITE_URL` or add additional redirect urls in [your project](https://app.supabase.com/project/_/auth/settings).
@@ -224,6 +225,9 @@ functions:
```js
const { data, error } = await supabase.auth.signInWithOtp({
email: 'example@email.com',
+ options: {
+ emailRedirectTo: 'https://example.com/welcome'
+ }
})
```
- id: sign-in-with-sms-otp