Commit Sys Admin authentication settings

help/getting-started/my-account/README.md

@@ -15,7 +15,7 @@ Change your personal settings in My Account. Here you can adapt, e.g. the langua
 | [Change password](#change-password)                          | How to change my password?                                   |
 | [Edit your user information](#edit-your-user-information)    | How to change the name or email address in OpenProject?      |
 | [Profile settings: change your language, time zone or display of comments](#profile-settings:-change-your-language,-time-zone-or-display-of-comments) | How to change the language, time zone or display of comments in OpenProject? |
-| [Two-factor authentication](#two-factor-authentication)      | How to set up a two-factor authentication?                   |
+| [Two-factor authentication](#two-factor-authentication-premium-feature) | How to set up a two-factor authentication?                   |
 | [Email notifications](#email-notifications)                  | How to change email notifications sent by OpenProject?       |
 | [Set an Avatar](#set-an-avatar)                              | How to set an Avatar in OpenProject and change the profile picture? |
 | [Delete account](#delete-account)                            | How to delete my own account?                                |

help/system-admin-guide/authentication/authentication-settings/README.md

@@ -39,21 +39,29 @@ You can define a footer for your registration emails under -> *Administration* -
 
 ![Sys-admin-authentication-registration-footer](Sys-admin-authentication-registration-footer.png)
 
+## Configure password settings
 
+You can change various settings to configure password preferences in OpenProject.
 
+1. Define the **minimum password length**.
+2. Define the password strength and select what **character classes are a mandatory part of the password**.
+3. Define the **minimum number of required character classes**.
+4. Define the number of days, after which a **password change should be enforced**.
+5. Define the **number of the most recently used passwords that a user should not be allowed to reuse**.
+6. Activate the **Forgot your password.** This way a user will be able to reset the own password via email.
 
+![Sys-admin-authentication-passwords](Sys-admin-authentication-passwords-1579791010597.png)
 
-1. Define the minimum password length.
-2. Select what character classes should be part of the password.
-3. Define the minimum number of required character classes.
-4. Define the number of days, after which a password change should be enforced.
-5. Define the number of the most recently used passwords that a user should not be allowed to reuse.
-6. Activate the *Forgot your password.*
-7. Define the number of failed login attempts, after which a user will be temporarily blocked.
-8. Define the duration of the time, for which the user will be blocked after failed login attempts.
-9. Enable or disable the autologin option. This allows a user to remain logged in, even if he/she leaves the site. Is this option is activated, the “Stay signed in” option will appear on the login screen.
-10. Activate the session expiration option. If you select this option,  an additional field will open, where you will be able to define the  inactivity time duration before the session expiry.
-11. Log user login, name, and mail address for all requests.
-12. Enable REST web service. This activates an API-Interface, which  allows communication between external services (for example MS Office)  and the instance.
-13. Don’t forget to save your changes.
+## Other authentication settings
 
+There can be defined a number of other authentication settings.
+
+1. Define the number of failed **login attempts, after which a user will be temporarily blocked**.
+2. Define the **duration of the time, for which the user will be blocked after failed login attempts**.
+3. Enable or disable the **autologin option**. This allows a user to remain logged in, even if he/she leaves the site. If this option is activated, the “Stay signed in” option will appear on the login screen to be selected.
+4. Activate the **session expiration option**. If you select this option, an additional field will open, where you will be able to define the **inactivity time duration before the session expiry**.
+5. Define to **log user login, name, and mail address for all requests**.
+6. **Enable REST web service**. This activates an API-Interface, which allows communication between external services (for example MS Office)  and the instance.
+7. Do not forget to **save** your changes.
+
+![Sys-admin-authentication-other-settings](Sys-admin-authentication-other-settings.png)

help/system-admin-guide/authentication/oauth-applications/README.md

@@ -0,0 +1,29 @@
+---
+sidebar_navigation:
+  title: OAuth applications
+  priority: 900
+description: OAuth application settings in OpenProject.
+robots: index, follow
+keywords: OAuth application settings
+---
+# OAuth applications
+
+To activate and configure oauth applications, navigate to -> *Administration* -> *Authentication* and choose -> *Oauth applications*.
+
+## Add a new authentication application for oauth
+
+To add a new oauth application, click the green **+ Add** button.
+
+![Sys-admin-authenticatoin-oauth-applications](Sys-admin-authenticatoin-oauth-applications.png)
+
+
+
+You can configure the following options to add your oauth application.
+
+1. Enter the **name** of your oauth application.
+2. **Define redirect URLs** where authorized users can be redirected to.
+3. Check if the application will be used **confidentially**.
+4. Choose **client credential flows** and define a user on whose behalf requests will be performed.
+5. Press the blue **Create** button to add your oauth application.
+
+![Sys-admin-authentication-add-oauth-application](Sys-admin-authentication-add-oauth-application.png)

help/system-admin-guide/authentication/openid-providers/README.md

@@ -0,0 +1,31 @@
+---
+sidebar_navigation:
+  title: OpenID providers
+  priority: 800
+description: OpenID providers for OpenProject.
+robots: index, follow
+keywords: OpenID providers
+---
+# OpenID providers
+
+<div class="alert alert-info" role="alert">
+**Note**: For the OpenID configuration view our docs in Github:  https://github.com/opf/openproject/blob/dev/docs/configuration/openid.md  (Todo: needs to be moved to documentation).
+</div>
+
+To activate and configure OpenID providers in OpenProject, navigate to -> *Administration* -> *Authentication* and choose -> *OpenID providers*.
+
+## Add a new authentication application for oauth
+
+To add a new OpenID provider, click the green **+ OpenID provider** button.
+
+![Sys-admin-authentication-openid-provider](Sys-admin-authentication-openid-provider.png)
+
+You can configure the following options.
+
+1. Choose **Google** or **Azure** to add as an OpenID provider to OpenProject.
+2. Optionally enter a **display name**.
+3. Enter the **Identifier**.
+4. Enter the **Secret**.
+5. Press the blue **create** button.
+
+![Sys-admin-authentication-add-openid-provider](Sys-admin-authentication-add-openid-provider.png)

help/system-admin-guide/authentication/recaptcha/README.md

@@ -0,0 +1,22 @@
+---
+sidebar_navigation:
+  title: reCAPTCHA
+  priority: 600
+description: configure reCAPTCHA for OpenProject.
+robots: index, follow
+keywords: reCAPTCHA
+---
+# reCAPTCHA configuration
+
+To activate and **configure reCAPTCHA** for OpenProject, navigate to -> *Administration* -> *Authentication* and choose -> reCAPTCHA.
+
+ If enabled, a captcha form will be rendered upon login for all users that have not verified a captcha yet. Please see the following link for more details on reCAPTCHA and their versions, and how to create the website and secret keys: https://www.google.com/recaptcha.
+
+You can configure the following options:
+
+1. Activate reCAPTCHA for OpenProject. You can choose between reCAPTCHA v2 and reCAPTCHA v3.
+2. Insert the **website key**.
+3. Insert the **secret key**.
+4. Press the blue **Apply** button to save your changes.
+
+![Sys-admin-authentication-recaptcha](Sys-admin-authentication-recaptcha.png)

help/system-admin-guide/authentication/two-factor-authentication/README.md

@@ -0,0 +1,19 @@
+---
+sidebar_navigation:
+  title: Two-factor authentication
+  priority: 700
+description: configure two-factor authentication for OpenProject.
+robots: index, follow
+keywords: two-factor authentication
+---
+# Two-factor authentication (Premium feature)
+
+To activate and **configure two-factor authentication** for OpenProject, navigate to -> *Administration* -> *Authentication* and choose -> *two-factor authentication*.
+
+You can configure the following options:
+
+1. **Enforce two-factor authentication (2FA) for the whole system**. All users will be forced to [register a 2FA device](../../../getting-started/my-account/#two-factor-authentication-premium-feature) on their next login.
+2. **Remember 2FA login for a given number of days**, e.g. 30 days.
+3. Press the blue **Apply** button to save your changes.
+
+![Sys-admin-authentication-two-factor-authentication](Sys-admin-authentication-two-factor-authentication.png)