Skip to main content

Runbook screenshots

Drop screenshots here for the HTML runbooks. Filenames are referenced by <img> tags in ../user-sync-setup.html and ../jit-provisioning-setup.html.

sync/ — for user-sync-setup.html

FileCapture fromShows
01-create-client.pngExternal Keycloak admin UI → Clients → CreateThe Create-client wizard's first page with opendesk-sync typed into Client ID
02-capability-config.pngSame wizard, Capability config stepToggles: Client auth ON, Service accounts ON, others OFF
03-credentials-tab.pngClient → Credentials tabThe generated client secret box (operator should redact the value before committing)
04-service-account-roles.pngClient → Service accounts roles → Assign roleThe two realm-management roles (view-users, query-users) assigned
05-cockpit-scim-toggle.pngCockpit UI → instance → ComponentsSCIM service + Scheduled sync toggles ON
06-cockpit-source-fields.pngSame Cockpit panel, expandedSource URL / realm / clientId / clientSecret fields filled out
07-deploy-log-sync.pngCockpit Deployer panelThe Ensuring SCIM bearer token step success line
08-job-logs.pngTerminal kubectl logs job/manual-sync-...Output showing fetched N users, created user <name> lines

jit/ — for jit-provisioning-setup.html

FileCapture fromShows
01-external-idp-register.pngExternal IdP admin (Entra / Keycloak / Auth0)OIDC client registration form with redirect URI filled
02-redirect-uri.pngSame formThe exact redirect URI format that ends in /broker/<alias>/endpoint
03-cockpit-idp-block.pngCockpit UI → instance → Identity ProvidersExternal IdP form with protocol/displayName/alias/issuerUrl/clientId fields
04-cockpit-jit-block.pngSame page, JIT subsectionJIT enabled toggle + MailDomain field highlighted
05-deploy-init-container.pngCockpit Deployer logThe install-jit-provider InitContainer running line
06-keycloak-broker-flow.pngUMS Keycloak admin → Authentication → FlowsThe opendesk-first-broker-login flow with ums-jit-authenticator step at the top
07-login-redirect.pngUser's browser, openDesk login pageThe "Sign in with <external IdP>" button OR the auto-redirect happening
08-ldap-after-login.pngTerminal ldapsearch ...The freshly-created UMS user entry with synthesised mailPrimaryAddress + brokered mailAlternativeAddress

Notes for screenshot capture

  • Redact any client secrets, tokens, or customer-specific URLs before committing.
  • Prefer the dark-mode admin UI variants where available so the screenshots match the runbook's dark theme.
  • 1600×900 (or close) is the target — the runbook scales them to ~70% of column width with max-w-3xl.
  • PNG with transparent background where possible.

If a placeholder image is missing, the runbook still renders — the <img> tag falls back to alt text styled as a dashed-bordered box reading "Screenshot pending: capture this from ".