feat: active directory setup (#142)

Signed-off-by: Miguel Martinez Trivino <migmartri@gmail.com>

Author: migmartri

docs/faq.md

@@ -10,7 +10,7 @@ Yes, Chainloop source code has been Open Sourced and can be found [here](https:/
 
 #### Can I run my own instance of Chainloop end to end?
 
-Yes, please refer to this [guide](./guides/deployment/)
+Yes, please refer to this [guide](./guides/deployment/k8s)
 
 #### In this documentation site there are references to Chainloop Cloud, what is it?
 

docs/getting-started/installation.md

@@ -67,11 +67,11 @@ cd chainloop && make -C app/cli build
 
 Downloading the CLI is everything you need to give Chainloop a try since, by default, it points to a [running instance of Chainloop](https://docs.chainloop.dev/chainloop-cloud).
 
-**To run a Chainloop instance** on your Kubernetes cluster follow [these instructions](/guides/deployment).
+**To run a Chainloop instance** on your Kubernetes cluster follow [these instructions](/guides/deployment/k8s).
 
 ## Configure CLI (optional)
 
-If you [are running your own instance](/guides/deployment) of Chainloop Control Plane. You can make the CLI point to your instance by using the `chainloop config save` command.
+If you [are running your own instance](/guides/deployment/k8s) of Chainloop Control Plane. You can make the CLI point to your instance by using the `chainloop config save` command.
 
 ```sh
 chainloop config save \

docs/guides/deployment/_category_.json

@@ -0,0 +1,4 @@
+{
+  "label": "Deployment",
+  "collapsed": true
+}

…cs/guides/deployment/deployment-dark.png …uides/deployment/k8s/deployment-dark.pngdocs/guides/deployment/deployment-dark.png renamed to docs/guides/deployment/k8s/deployment-dark.png docs/guides/deployment/deployment-dark.png renamed to docs/guides/deployment/k8s/deployment-dark.png

@@ -0,0 +1,56 @@
+---
+title: Use Active Directory as Single Sign-On provider
+---
+
+import Image from "@theme/IdealImage";
+
+Chainloop authentication backend is delegated to an OpenID Connect (OIDC) compatible Identity Provider (IdP) such as Google, GitHub, Auth0 or Azure Active Directory.
+
+This guide will show you how to configure your Chainloop instance to run authentication over Azure Active Directory.
+
+The process comprises two steps:
+
+1. Register a new App in your Azure Active Directory tenant
+2. Configure Chainloop deployment with the new OIDC settings
+
+## Register a new App
+
+In your Azure console go to **App registrations** and click on **New registration**.
+
+<Image img={require("./register-app.png")} />
+
+Fill out a descriptive name and your custom callback URL that should point to your instance of Chainloop control plane.
+
+<Image img={require("./register-app-2.png")} />
+
+Once done, take note of the generated **Application (client) ID** and the tenant ID.
+
+<Image img={require("./register-app-0.png")} />
+
+Next Create a new client secret and copy the generated value by clicking on "Certificate & secrets" > "New client secret" 
+
+<Image img={require("./register-app-3.png")} />
+
+Once done, copy the "value" which will be used as the `clientSecret` in the next step.
+
+<Image img={require("./register-app-4.png")} />
+
+## Configure Chainloop deployment
+
+As explained in the [deployment guide](../k8s), Open ID Connect configuration is done using the `auth.oidc` section of the `values.yaml` file.
+
+Use the ClientID, Secret and URL from the previous step to configure the OIDC backend as shown below
+
+```yaml
+auth:
+  oidc:
+    url: https://login.microsoftonline.com/[TENANT_ID]/v2.0
+    clientID: [APP-CLIENT-ID]
+    clientSecret: "[APP-CLIENT-SECRET]"
+```
+
+And deploy your Chainloop Control Plane with the update values to take effect.
+
+Finally give it a try by running `chainloop auth login` and that's all! Your Chainloop users are now authenticated against your Active Directory tenant.
+
+