Runbook screenshots
Drop screenshots here for the HTML runbooks. Filenames are referenced by
<img> tags in ../user-sync-setup.html and ../jit-provisioning-setup.html.
sync/ — for user-sync-setup.html
| File | Capture from | Shows |
|---|---|---|
01-create-client.png | External Keycloak admin UI → Clients → Create | The Create-client wizard's first page with opendesk-sync typed into Client ID |
02-capability-config.png | Same wizard, Capability config step | Toggles: Client auth ON, Service accounts ON, others OFF |
03-credentials-tab.png | Client → Credentials tab | The generated client secret box (operator should redact the value before committing) |
04-service-account-roles.png | Client → Service accounts roles → Assign role | The two realm-management roles (view-users, query-users) assigned |
05-cockpit-scim-toggle.png | Cockpit UI → instance → Components | SCIM service + Scheduled sync toggles ON |
06-cockpit-source-fields.png | Same Cockpit panel, expanded | Source URL / realm / clientId / clientSecret fields filled out |
07-deploy-log-sync.png | Cockpit Deployer panel | The Ensuring SCIM bearer token step success line |
08-job-logs.png | Terminal kubectl logs job/manual-sync-... | Output showing fetched N users, created user <name> lines |
jit/ — for jit-provisioning-setup.html
| File | Capture from | Shows |
|---|---|---|
01-external-idp-register.png | External IdP admin (Entra / Keycloak / Auth0) | OIDC client registration form with redirect URI filled |
02-redirect-uri.png | Same form | The exact redirect URI format that ends in /broker/<alias>/endpoint |
03-cockpit-idp-block.png | Cockpit UI → instance → Identity Providers | External IdP form with protocol/displayName/alias/issuerUrl/clientId fields |
04-cockpit-jit-block.png | Same page, JIT subsection | JIT enabled toggle + MailDomain field highlighted |
05-deploy-init-container.png | Cockpit Deployer log | The install-jit-provider InitContainer running line |
06-keycloak-broker-flow.png | UMS Keycloak admin → Authentication → Flows | The opendesk-first-broker-login flow with ums-jit-authenticator step at the top |
07-login-redirect.png | User's browser, openDesk login page | The "Sign in with <external IdP>" button OR the auto-redirect happening |
08-ldap-after-login.png | Terminal ldapsearch ... | The freshly-created UMS user entry with synthesised mailPrimaryAddress + brokered mailAlternativeAddress |
Notes for screenshot capture
- Redact any client secrets, tokens, or customer-specific URLs before committing.
- Prefer the dark-mode admin UI variants where available so the screenshots match the runbook's dark theme.
- 1600×900 (or close) is the target — the runbook scales them to ~70% of column width with
max-w-3xl. - PNG with transparent background where possible.
If a placeholder image is missing, the runbook still renders — the <img> tag falls back to alt text styled as a dashed-bordered box reading "Screenshot pending: capture this from