Update recommendations for local authentication (#1252)

Update the local auth docs to reflect current recommendations.

docs/docs/administer/troubleshoot.mdx

@@ -165,12 +165,12 @@ sudo firezone-ctl create-or-reset-admin
 </TabItem>
 </Tabs>
 
-## Re-enable local authentication in CLI
+## Re-enable local authentication via CLI
 
-For production deployments, we recommend adding a TOTP-based second factor to
-admin accounts. If you promoted an account authenticated through an identity
-provider, you can consider disabling local authentication for additional
-security.
+When using the local authentication method we recommend adding a
+[TOTP-based second factor](/authenticate/multi-factor/) to admin accounts.
+If you've configured an [OIDC](/authenticate/oidc/) or [SAML](/authenticate/saml/)
+provider, you can consider disabling local authentication for additional security.
 
 If issues arise with your identity provider integration, it's possible you
 could be locked out of the admin portal. To re-enable local authentication so

docs/docs/authenticate/README.mdx

@@ -37,11 +37,6 @@ Open a [Github issue](https://github.com/firezone/firezone/issues)
 to request documentation or submit a pull request to add documentation for your
 provider.
 
-Need help setting up SSO? Join our [Firezone Slack group
-](https://www.firezone.dev/slack?utm_source=docs.firezone.dev) for community support or
-[contact us for paid, hands-on support
-](https://www.firezone.dev/contact/sales?utm_source=docs.firezone.dev).
-
 ### The OIDC Redirect URL
 
 For each OIDC provider a corresponding URL is created for redirecting to
@@ -99,3 +94,6 @@ A user's connection status is shown on the Users page under the table column
 * DISABLED - The connection is disabled by an administrator or OIDC refresh failure.
 * EXPIRED - The connection is disabled due to authentication expiration or a user
 has not signed in for the first time.
+
+import SupportOptions from '@site/src/partials/_support_options.mdx';
+<SupportOptions />

docs/docs/authenticate/local-auth.mdx

@@ -10,11 +10,19 @@ the Firezone portal. Administrators can add users and assign their passwords on
 the `/users` page. See [Add users](/user-guides/add-users/) for more details.
 
 :::note
-For production installations, we highly recommend [enabling TOTP-based MFA](/authenticate/multi-factor/)
-for any accounts using the local authentication method.
+Although local authentication is quick and easy to get started with, you can
+limit attack surface by [disabling local authentication](#disabling-local-authentication)
+altogether. See our [OIDC](/authenticate/oidc/) or [SAML](/authenticate/saml/) guides
+for details.
 :::
 
+We recommend [enabling TOTP-based MFA](/authenticate/multi-factor/) for any
+accounts that use the local authentication method.
+
 ## Disabling local authentication
 
-If you wish to completely disable local authentication in favor of an SSO-only
-approach, see our [OIDC](/authenticate/oidc/) or [SAML](/authenticate/saml/) guides.
+Local authentication can be enabled or disabled from the `/settings/security` page.
+If you've disabled local authentication and can no longer authenticate to the portal
+to re-enable it, see our [troubleshooting guide
+](/administer/troubleshoot#re-enable-local-authentication-via-cli) for re-enabling
+local authentication from the CLI.

docs/docs/deploy/security-considerations.mdx

@@ -44,6 +44,7 @@ Shown below is a table of default ports used by Firezone services.
 For production deployments of Firezone, we recommend you disable local authentication
 altogether by setting `default['firezone']['authentication']['local']['enabled'] = false`
 (Omnibus-based deployments) or `LOCAL_AUTH_ENABLED=false` (Docker-based deployments).
+Local authentication can also be disabled on the `/settings/security` page.
 
 :::caution
 Ensure you've set up a working [OIDC](/authenticate/oidc/) or [SAML](/authenticate/saml/)-based