diff --git a/README.md b/README.md
index c0778afea..a8e4755a0 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,8 @@ Firezone is:
routing through our infrastructure.
- **Secure:** Zero attack surface thanks to Firezone's holepunching tech which
establishes tunnels on-the-fly at the time of access.
+- **Open:** Our entire product is open-source, allowing anyone to audit the
+ codebase.
- **Flexible:** Authenticate users via email, Google Workspace, or OIDC and sync
users and groups automatically.
- **Simple:** Deploy gateways and configure access in minutes with a snappy
diff --git a/website/src/app/kb/authenticate/service-accounts/page.tsx b/website/src/app/kb/authenticate/service-accounts/page.tsx
new file mode 100644
index 000000000..6a856b72e
--- /dev/null
+++ b/website/src/app/kb/authenticate/service-accounts/page.tsx
@@ -0,0 +1,11 @@
+import Content from "./readme.mdx";
+import { Metadata } from "next";
+
+export const metadata: Metadata = {
+ title: "Service Accounts • Firezone Docs",
+ description: "Firezone Documentation",
+};
+
+export default function Page() {
+ return ;
+}
diff --git a/website/src/app/kb/authenticate/service-accounts/readme.mdx b/website/src/app/kb/authenticate/service-accounts/readme.mdx
new file mode 100644
index 000000000..54d38f168
--- /dev/null
+++ b/website/src/app/kb/authenticate/service-accounts/readme.mdx
@@ -0,0 +1,28 @@
+import Alert from "@/components/DocsAlert";
+
+# Service Accounts
+
+Service accounts are actors that can be used with the Firezone Linux client in
+headless operation to manage access from a server, machine, or other non-user
+machine to your Resources.
+
+Service accounts behave like any other actor in Firezone. They can be added to
+Groups and Policies to gain access to Resources.
+
+their tokens don't expire.
+ We recommend manually rotating service account tokens on a scheduled
+ interval as a best practice.
+ `}
+/>
+
+## Create a service account
+
+To create a service account, head to `Actors` -> `Add Actor` and select
+`Service Account` as the type.
+
+You will then be shown a token you'll need to copy somewhere safe to use with
+the [Linux client](/kb/user-guides/linux-client).
diff --git a/website/src/app/kb/authenticate/user-group-sync/page.tsx b/website/src/app/kb/authenticate/user-group-sync/page.tsx
index b842ac026..c7086d559 100644
--- a/website/src/app/kb/authenticate/user-group-sync/page.tsx
+++ b/website/src/app/kb/authenticate/user-group-sync/page.tsx
@@ -2,7 +2,7 @@ import Content from "./readme.mdx";
import { Metadata } from "next";
export const metadata: Metadata = {
- title: "IdP Sync • Firezone Docs",
+ title: "User / Group Sync • Firezone Docs",
description: "Firezone Documentation",
};
diff --git a/website/src/app/kb/authenticate/user-group-sync/readme.mdx b/website/src/app/kb/authenticate/user-group-sync/readme.mdx
index e48713eb7..d1fd63cd3 100644
--- a/website/src/app/kb/authenticate/user-group-sync/readme.mdx
+++ b/website/src/app/kb/authenticate/user-group-sync/readme.mdx
@@ -43,20 +43,8 @@ and associated policy in Firezone.
## Nested groups and organizational units
Firezone flattens nested groups and organizational units synced from Google
-Workspace. User membership is determined **only** by its immediate parent. At
-this time, Firezone does not recursively sync members from nested groups and
-organizational units.
-
-
- this GitHub issue so we can prioritize it on our roadmap.
- `}
-/>
-
-For example, if you had the following group structure in your Google Workspace
+Workspace. User membership is determined **only** by its immediate parent. For
+example, if you had the following group structure in your Google Workspace
account:
```
@@ -75,6 +63,8 @@ In Firezone, you would see the follow groups after sync:
- Group:Product
- steve@company.com
- Group:Engineering
+ - bob@company.com
+ - alice@company.com
- Group:Support
- patrick@company.com
```
diff --git a/website/src/components/KbSidebar/Collapse.tsx b/website/src/components/KbSidebar/Collapse.tsx
index acd3c1811..35d75c5bf 100644
--- a/website/src/components/KbSidebar/Collapse.tsx
+++ b/website/src/components/KbSidebar/Collapse.tsx
@@ -32,17 +32,14 @@ export default function Collapse({
{label}
{expandedState ? (
-
+
) : (
-
+
)}
{children}
diff --git a/website/src/components/KbSidebar/Item.tsx b/website/src/components/KbSidebar/Item.tsx
index f3d3dd5dc..d02083c5b 100644
--- a/website/src/components/KbSidebar/Item.tsx
+++ b/website/src/components/KbSidebar/Item.tsx
@@ -1,29 +1,33 @@
import Link from "next/link";
import { Route } from "next";
import { usePathname } from "next/navigation";
+import { HiMinus } from "react-icons/hi2";
export default function Item({
+ topLevel,
href,
label,
}: {
+ topLevel?: boolean;
href: Route;
label: string;
}) {
- const p = usePathname();
-
function active(path: string) {
- return p == path ? "bg-neutral-100 " : "";
+ return usePathname() == path;
}
return (
- {label}
+ {!topLevel && }
+
+ {label}
+
);
}
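Review bot: `usePathname()` is now called inside the nested helper `active(path)` instead of at the top of `Item`, which goes against React's Rules of Hooks; `eslint-plugin-react-hooks` reports a hook called from a function that is neither a component nor a custom hook. The JSX that calls `active` is not visible in this extract, so I cannot confirm how it is invoked, but if it is ever reached conditionally the hook order would differ between renders. I would keep the removed `const p = usePathname();` at the top of the component and have the helper do `return p === path;`, which also replaces the loose `==` with strict equality. A short comment on the new `topLevel` prop saying what it changes in the rendering (apparently whether the `HiMinus` marker is shown) would help callers.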
diff --git a/website/src/components/KbSidebar/index.tsx b/website/src/components/KbSidebar/index.tsx
index 5aa32e7f7..0f51ad5c7 100644
--- a/website/src/components/KbSidebar/index.tsx
+++ b/website/src/components/KbSidebar/index.tsx
@@ -25,10 +25,10 @@ export default function KbSidebar() {
-
+
-
+
@@ -78,6 +78,12 @@ export default function KbSidebar() {
label="User / Group sync"
/>