Merge branch 'main' into docs/google-dsync

.github/workflows/main.yml

@@ -16,5 +16,5 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - run: npm install
+      - run: npm install --legacy-peer-deps
       - run: npm run build

README.md

@@ -5,7 +5,7 @@ This website is built using [Docusaurus 2](https://docusaurus.io/), a modern sta
 ## Installation
 
 ```console
-npm install
+npm install --legacy-peer-deps
 ```
 
 ## Local Development

blog/2021-11-07-the-ikea-effect-in-software-engineering.md

@@ -23,4 +23,4 @@ We have seen software eat the world. This has led to more surface area for secur
 
 BoxyHQ will build IKEA desks for all our customers so they don’t have to. Just sit at your pre-assembled desk and continue working on cool things that you set out to build in the first place.
 
-PS: Announcing SAML Jackson (who doesn’t like a bit of Pulp Fiction), a SAML SSO service that works seamlessly as an OAuth 2.0 flow and abstracts away the tedious XML bits of the SAML protocol. Check out <https://github.com/boxyhq/jackson> and the demo at <https://github.com/boxyhq/jackson-examples/tree/main/apps/next-auth>. If SAML SSO is not relevant to you at this moment don’t forget to bookmark us and check back again. We are building a **"DevSecMesh"** over time so you can expect a lot of exciting features in the coming months.
+PS: Announcing SAML Jackson (who doesn’t like a bit of Pulp Fiction), a SAML SSO service that works seamlessly as an OAuth 2.0 flow and abstracts away the tedious XML bits of the SAML protocol. Check out [our repository](https://github.com/boxyhq/jackson) and the [demo](https://github.com/boxyhq/jackson-examples/tree/main/apps/next-auth). If SAML SSO is not relevant to you at this moment don’t forget to bookmark us and check back again. We are building a **"DevSecMesh"** over time so you can expect a lot of exciting features in the coming months.

blog/2022-06-30-understanding-saml-sso-the-basics-from-the-solution-providers-side.md

@@ -25,4 +25,4 @@ In the diagram above we can see what it looks like when you build a custom SAML
 
 As you can see from the image above with BoxyHQ you only have to connect your product with a straightforward integration to BoxyHQ and then we manage and connect you to all the IDPs! It is that simple and you can deploy SAML SSO for your clients in as little as 8 days. We are also open source and free so you don't need to worry about big maintenance bills, we will even offer you custom support during the integration.
 
-If you are interested in becoming enterprise-ready without the hassle then let's chat! You can [book](https://meetings.hubspot.com/deepakprab/demo) a free consultation call and chat with our CEO about how we can help. Let's start the journey together.
+If you are interested in becoming enterprise-ready without the hassle then let's chat! You can [book](https://cal.com/deepak-boxyhq/demo) a free consultation call and chat with our CEO about how we can help. Let's start the journey together.

blog/2022-06-30-understanding-saml-sso-the-basics-from-the-user-side.md

@@ -42,6 +42,6 @@ As a user using SAML is very simple and pleasant to use as you only have to log
 
 Without SAML you have to maintain account information across multiple services but when you use SAML this is all managed by the IdP.
 
-BoxyHQ is open source and our SAML SSO product, SAML Jackson is just the first product we have built to help companies become enterprise-ready. If you are interested in discussing your authentication strategy or deploying SAML SSO you can book a call with our CEO [here](https://meetings.hubspot.com/deepakprab/demo) to discuss how we can support you.
+BoxyHQ is open source and our SAML SSO product, SAML Jackson is just the first product we have built to help companies become enterprise-ready. If you are interested in discussing your authentication strategy or deploying SAML SSO you can book a call with our CEO [here](https://cal.com/deepak-boxyhq/demo) to discuss how we can support you.
 
 I hope you have found this high-level explanation of SAML and its use cases helpful. If you have any questions please don't hesitate to reach out to us on our live chat on our website https://boxyhq.com/

blog/2022-09-27-enterprise-ready-saas-starter-kit.md

@@ -52,16 +52,26 @@ Through Teams, SaaS app users invite others to collaboratively use the applicati
 
 ## Other Features
 
-Let's also look at other standard features the SaaS kit offers.
+Now, let's take a look at the other conventional features that the SaaS kit provides. 🥇
 
 - Create account
 - Sign in with Email and Password
 - Sign in with Magic Link
+- Sign in with SAML SSO
+- Sign in with Google [[Setting up Google OAuth](https://support.google.com/cloud/answer/6158849?hl=en)]
+- Sign in with GitHub [[Creating a Github OAuth App](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)]
+- Directory Sync (SCIM)
 - Update account
-- Manage team
-- Manage team members
+- Create team
 - Invite users to the team
-- Accept invitation
+- Manage team members
+- Update team settings
+- Webhooks & Events
+- Internationalization
+- Audit logs
+- Roles and Permissions
+- Dark mode
+
 
 ## Getting Started
 

blog/2023-07-20-boxyhq-the-must-have-for-your-startups-next-enterprise-customer.md

@@ -74,7 +74,8 @@ They look for quite a few standards to be met in a solution provider 👇🏻
 
 ![enterprise-ready1](/img/blog/scoutflo-blog-enterprise-ready1.webp)
 
-<div style={{ fontSize: "10px", marginTop: "-20px", paddingBottom: "20px" }}>Source <a href="https://www.enterpriseready.io/">EnterpriseReady.io</a> 
+<div style={{ fontSize: "10px", marginTop: "-20px", paddingBottom: "20px" }}>
+Source <a href="https://www.enterpriseready.io/">EnterpriseReady.io</a> 
 </div>
 
 ![enterprise-ready2](/img/blog/scoutflo-blog-enterprise-ready2.webp)

blog/2023-6-21-ignite-your-saas-journey-with-the-best-free-and-open-source-saas-starter-kit.md

@@ -13,7 +13,7 @@ image: /img/blog/enterprise-ready-saas.jpg
 
 Discover the Game-Changing Power of an Enterprise-Ready Solution that will help you save thousands of dollars in development costs.
 
-Are you a SaaS founder striving for accelerated success in the highly competitive landscape? Look no further! At BoxyHQ we've curated a revolutionary tool that will supercharge your SaaS journey like never before. Introducing the Best Free and Open-Source SaaS Starter Kit, designed to ignite your growth and transform your startup dreams into reality.
+Are you a SaaS founder striving for accelerated success in the highly competitive landscape? Look no further! At BoxyHQ we've curated a revolutionary tool that will supercharge your SaaS journey like never before. Introducing the Best Free and Open-Source [SaaS Starter Kit](https://github.com/boxyhq/saas-starter-kit), designed to ignite your growth and transform your startup dreams into reality.
 
 ## Enterprise-Ready Powerhouse
 

blog/2023-9-23-boosting-trust-and-efficiency-a-conversation-with-supademos-ceo.md

@@ -0,0 +1,61 @@
+---
+slug: boosting-trust-and-efficiency-a-conversation-with-supademos-ceo
+title: "Boosting Trust and Efficiency: A Conversation with Supademo's CEO"
+tags_disabled:
+  [
+    developer,
+    security,
+    cybersecurity,
+    devsecops,
+    open-source,
+    developerfirst,
+    case-study,
+  ]
+image: /img/success-stories/supademo-logo.png
+hide_table_of_contents: true
+author: Nathan Tarbert
+author_title: Community Engineer @BoxyHQ
+author_url: https://github.com/NathanTarbert
+author_image_url: https://boxyhq.com/img/team/nathan.jpg
+---
+
+Supademo is on a mission to help teams communicate products more effectively starting with the fastest way to create intuitive click-through demos and guides.
+This, in turn, leads to more deals closed, better onboarding, and reduced support tickets, among many other glorious things.
+
+**Q:** Thank you for joining us today, Joseph Lee, CEO, and co-founder of Supademo.
+
+**Joseph Lee (Supademo):** Thank you for having me. It's a pleasure to share our journey.
+
+**Q:** Joseph, can you start by telling us what motivated Supademo to implement enterprise Single Sign-On (SSO)?
+
+**Joseph Lee (Supademo):** Absolutely. We decided to implement enterprise SSO due to significant demand from larger customers who wanted to leverage Supademo across their departments. These customers were already accustomed to the security and convenience offered by SAML SSO and wanted to easily maintain access and permissions across multiple services. While SSO wasn't a deal breaker for the deal to go through, we wanted to ensure that our customers didn't need to go out of their way to adjust their preferred workflow.
+
+**Q:** That makes sense. And why did you choose BoxyHQ's Jackson for this implementation?
+
+**Joseph Lee (Supademo):** A big part of why Supademo chose BoxyHQ was due to its reputation. Several Supademo customers had recommended BoxyHQ as a service provider, and we noticed several well-known customers were leveraging Jackson for their SSO with glowing reviews. We considered several other alternatives but ultimately chose BoxyHQ due to their responsiveness and hands-on support, which were top-notch.
+
+**Q**: That's great to hear. Now, could you elaborate on both the direct benefits and soft benefits you observed following the adoption of the solution?
+
+**Joseph Lee (Supademo):** Certainly. Supademo has seen plenty of soft benefits of working with BoxyHQ - but some of the biggest include the lack of maintenance effort, ease of adoption, and direct time savings for our entire engineering team. The latter point is especially important, as it allows us to refocus our energy on Supademo's core mission: helping teams communicate their products more effectively to others.
+
+As for direct benefits, we were able to close several enterprise partnerships with BoxyHQ's help and provide them with a secure and streamlined authentication process within the Supademo platform. This has helped increase our clients' trust in Supademo.
+
+**Q:** That's remarkable. In terms of business impact, how much time did it save your team?
+
+**Joseph Lee (Supademo):** With BoxyHQ, we were able to ship SSO capabilities in days - which is a massive savings compared to our initial estimate of 1-2 months for an in-house solution. As a result, Supademo was able to abstract out complexities, reduce potential errors, and provide more value to clients faster with BoxyHQ.
+
+**Q:** Impressive time savings indeed. Have you seen any significant growth in acquiring enterprise clients as a direct result of utilizing SSO?
+
+**Joseph Lee (Supademo):** Absolutely. We've seen considerable traction and interest from multiple enterprise-level customers after implementing SSO. Supademo's BoxyHQ integration has been an asset that we'll continue to leverage to grow our team and add more value to customers.
+
+**Q:** That's fantastic to hear. From your perspective, how do you view this successful partnership with BoxyHQ?
+
+**Joseph Lee (Supademo):** Supademo's trust in BoxyHQ has been built not only from the underlying tech but also from the exceptional support received. Implementation was a breeze, and Boxy's continued responsiveness is a testament to our customer-centric mission - something that we share at Supademo.
+
+**Q:** Thank you, Joseph Lee, for sharing your valuable insights into Supademo's journey with enterprise SSO. Your experiences provide a compelling example of how innovation and strategic partnerships can drive success in today's dynamic business landscape.
+
+**Joseph Lee (Supademo):** You're very welcome. It's been a pleasure to be part of this discussion, and I hope our experiences can inspire others in their endeavors. Thank you for having me.
+
+<div style={{ textAlign: "center" }}>
+  <a href="/success-stories/cost-efficiency-unleashed-how-boxyhqs-sso-saved-supademo-time-and-money" class="button button--primary button--outline">Read Spike's success story</a>
+</div>

docs/directory-sync/providers/index.md

@@ -2,8 +2,8 @@
 
 SAML Jackson supports the following directory providers:
 
-- [Microsoft Entra ID SCIM v2.0](./azure)
-- [Okta SCIM v2.0](./okta)
+- [Microsoft Entra ID v2.0](./azure)
 - [OneLogin SCIM v2.0](./onelogin)
+- [Okta SCIM v2.0](./okta)
 - [JumpCloud SCIM v2.0](./jumpcloud)
 - [Google Workspace](./google)

docs/jackson/deploy/env-variables.md

@@ -10,6 +10,11 @@ The env vars are only applicable to the Jackson service. If you are using the np
 
 ## General configuration
 
+### **HOSTNAME**
+
+If you need to bind to a specific hostname, you can define `HOSTNAME` environment variable. 
+For example, if you are planning to use a Docker health check like `wget -q --spider http://localhost:{PORT}/api/health || exit 1` set `HOSTNAME=0.0.0.0` to listen to localhost.
+
 ### **HOST_URL**
 
 The URL to bind to.
@@ -197,6 +202,17 @@ If you are using a self-signed certificate then set this to `false`, otherwise i
 
 Default: `true`
 
+### **DB_MANUAL_MIGRATION**
+
+Set this to true to trigger execution of migration scripts when you use our Jackson docker image.
+
+Optionally you can run the npm scripts present in `./npm/package.json` to run db specific migrations.
+
+Make sure you have set the correct value for `DB_ENGINE` environment variable as the migration script checks that to run correct command and migration file.
+
+NPM library option: `db.manualMigration`
+Default: `false`
+
 ### **DB_TTL**
 
 TTL for the code, session and token stores (in seconds)

docs/jackson/examples.md

@@ -10,7 +10,7 @@ description: Examples & Resources for our Enterprise SSO product
 
 - [Jackson with Next.js and NextAuth.js](https://github.com/boxyhq/jackson-examples/tree/main/apps/next-auth)
 - [Jackson with Remix and remix-auth](https://github.com/boxyhq/jackson-remix-auth)
-- [Jackson with React and client-side OAuth](https://github.com/boxyhq/jackson-examples/tree/main/apps/react)
+- [Jackson with React and client-side OAuth](https://github.com/boxyhq/jackson-examples/tree/main/apps/react-example)
 - [Jackson with Express.js](https://github.com/boxyhq/jackson-examples/tree/main/apps/express)
 - [Jackson with Supertokens and Express.js](https://github.com/boxyhq/jackson-supertokens-express)
 - [Jackson with Express.js and Auth0](https://github.com/boxyhq/express-jackson-auth0-demo)

docs/jackson/sso-flow/index.md

@@ -207,7 +207,7 @@ Jackson also supports the [OIDC flow](https://openid.net/specs/openid-connect-co
 
 Jackson has been designed to abstract the underlying SAML/OIDC login flow as a pure OAuth 2.0 flow. This means it's compatible with any standard OAuth 2.0 library out there, both client-side and server-side. It is important to remember that SSO Connection is configured per customer unlike OAuth 2.0 where you can have a single OAuth app supporting logins for all customers.
 
-Jackson also supports the PKCE authorization flow (<https://oauth.net/2/pkce/>), so you can protect your SPAs.
+Jackson also supports the [PKCE authorization flow](https://oauth.net/2/pkce/), so you can protect your SPAs.
 
 If for any reason you need to implement the flow on your own, the steps are outlined below:
 

docs/jackson/sso-providers/index.md

@@ -8,7 +8,7 @@ sidebar_label: SSO Providers
 SAML Jackson supports the following SSO providers:
 
 - [Generic SAML 2.0 Provider](./generic-saml.md)
-- [Azure](./azure.md)
+- [Microsoft Entra ID (formerly Azure AD)](./azure.md)
 - [Microsoft AD FS](./microsoft-adfs.md)
 - [Okta](./okta.md)
 - [Auth0](./auth0.md)

docs/jackson/upgrade.md

@@ -1,8 +1,12 @@
 # Upgrade Guide
 
+## Upgrading to v1.14.0
+
+We have changed the schema bit to introduce a new column called `namespace` to speed up scans. You will have to run the migration scripts if you are manually managing migrations. For example PlanetScale where auto migrations are not supported due to a difference between MySQL and PlanetScale.
+
 ## Upgrading to v1.11.0
 
-We have patched the SSO connection (`/api/v1/connections`) DELETE handler to accept payload (client/Secret or tenant/product/strategy) as part of query parameters. Earlier, the payload was expected to be part of the body which is non-standard and is no longer supported in Next.js. 
+We have patched the SSO connection (`/api/v1/connections`) DELETE handler to accept payload (client/Secret or tenant/product/strategy) as part of query parameters. Earlier, the payload was expected to be part of the body which is non-standard and is no longer supported in Next.js.
 
 ## Upgrading to v1.9.7
 

docs/retraced/apis/graphql.md

@@ -2,12 +2,12 @@
 
 The recommended way to search events using an API is to POST your query and variables to the appropriate Retraced GraphQL endpoint.
 
-| API        | Endpoint                                                                                          |
-| ---------- | ------------------------------------------------------------------------------------------------- |
-| Publisher  | <http://localhost:3000/auditlog/publisher/v1/project/{projectId}/graphql>                         |
-| Admin      | <http://localhost:3000/auditlog/admin/v1/project/{projectId}/environment/{environmentId}/graphql> |
-| Enterprise | <http://localhost:3000/auditlog/enterprise/v1/graphql>                                            |
-| Viewer     | <http://localhost:3000/auditlog/viewer/v1/graphql>                                                |
+| API        | Endpoint                                                                                            |
+| ---------- | --------------------------------------------------------------------------------------------------- |
+| Publisher  | `http://localhost:3000/auditlog/publisher/v1/project/{project_id}/graphql`                          |
+| Admin      | `http://localhost:3000/auditlog/admin/v1/project/{project_id}/environment/{environment_id}/graphql` |
+| Enterprise | `http://localhost:3000/auditlog/enterprise/v1/graphql`                                              |
+| Viewer     | `http://localhost:3000/auditlog/viewer/v1/graphql`                                                  |
 
 ## Search