docs: Add NetIQ documentation (#51703)

* docs: Add NetIQ documentation

This PR adds the documentation for NetIQ enrollment.

Signed-off-by: Tiago Silva <[email protected]>

* handle code review comments

Signed-off-by: Tiago Silva <[email protected]>

---------

Signed-off-by: Tiago Silva <[email protected]>

docs/pages/admin-guides/teleport-policy/integrations/netiq.mdx

@@ -0,0 +1,139 @@
+---
+title: Discover NetIQ Access Patterns with Teleport Policy
+description: Describes how to synchronize OpenTex NetIQ access patterns using Teleport Policy and Access Graph.
+---
+
+With Teleport Policy's Access Graph, you gain insights into your NetIQ organization
+structure, the resources each user can access, and the roles that grant them access.
+Access Graph provides a visual representation that enhances security and improves
+understanding of large NetIQ organizations.  
+
+Access Graph helps answer key questions such as:  
+
+- **Which resources does each user have access to?**  
+- **Which roles grant access to specific resources?**  
+
+Access Graph is a feature of the [Teleport Policy](https://goteleport.com/platform/policy/) product, available to **Teleport Enterprise edition** customers.  
+
+If enabled, Teleport Policy options can be found under the **Policy** section in the left navigation menu.  
+
+## How it works
+
+Access Graph synchronizes various NetIQ resources, including users, resources, roles, and groups.
+These resources are then visualized in a graph representation, detailed in the
+[Access Graph page](../teleport-policy.mdx).  
+
+The import process involves two primary steps:  
+
+### Querying NetIQ APIs
+
+The Teleport cluster continuously scans the configured NetIQ organization and retrieves the
+following resources:  
+
+- Users  
+- Groups  
+- Resources  
+- Roles (Business, Permissions, and IT Roles)  
+- Role and Group memberships  
+
+Once all necessary resources are fetched, Teleport pushes them to the Access Graph, 
+ensuring it remains updated with the latest information from your NetIQ organization.  
+
+### Importing resources
+
+Teleport Policy’s Access Graph processes the imported resources 
+and their relationships, generating a graphical representation
+to visualize access structures effectively.  
+
+
+## Prerequisites
+
+- A running Teleport Enterprise cluster v17.3.0 or later.
+- Teleport Policy enabled for your account.
+- An OpenTex NetIQ instance with a user that has read access to the organization.
+- For self-hosted clusters:
+  - Ensure that an up-to-date `license.pem` is used in the Auth Service configuration.
+  - A running Access Graph node v1.27.0 or later.
+Check the [Teleport Policy page](../teleport-policy.mdx) for details on
+how to set up Access Graph.
+  - The node running the Access Graph service must be reachable from the Teleport Auth Service.
+
+## Step 1/3. Create NetIQ IDM OAuth Client
+
+To register a new OAuth client with OSP (IDM Authorization Server), modify the OSP's
+`ism-configuration.properties` file.  
+
+The file is located in the `{osp-path}/tomcat/conf/` directory.  
+
+Define the following values:  
+
+- **ClientID**: <Var name="client-id" /> 
+- **Client Secret**: <Var name="client-secret" />.
+
+Users can store the OAuth Client Secret in the OSP `ism-configuration.properties` 
+file either in an encrypted or plaintext format. 
+For enhanced security, we strongly recommend encrypting the secret.
+
+<Tabs>
+<TabItem label="Encrypted secret" >
+
+To store the client secret in an encrypted format, run:  
+
+```code
+$ java -jar /opt/netiq/idm/apps/tomcat/lib/obscurity-*jar <Var name="client-secret" />
+```
+
+This command will generate an encrypted value:  
+
+```code
+InSKM1mSmpWfjPk6etI/...
+```
+
+Then, update `ism-configuration.properties` by adding:  
+
+```code
+com.example.<Var name="client-id" />.clientID = <Var name="client-id" />
+com.example.<Var name="client-id" />.clientPass._attr_obscurity = ENCRYPT
+com.example.<Var name="client-id" />.clientPass = <Var name="InSKM1mSmpWfjPk6etI/...." />
+```
+
+</TabItem>
+<TabItem label="Plaintext secret" >
+
+For plaintext storage, update `ism-configuration.properties` with:  
+
+```code
+com.example.<Var name="client-id" />.clientID = <Var name="client-id" />
+com.example.<Var name="client-id" />.clientPass = <Var name="client-secret" />
+```
+
+</TabItem>
+</Tabs>
+
+Once the file is updated, restart OSP to apply the new settings.  
+
+## Step 2/3. Set up Access Graph NetIQ Sync
+
+To configure NetIQ Sync, run the following command:  
+
+```code
+$ tctl plugins install netiq
+
+```
+
+The wizard will prompt for:  
+
+- **IDM OSP address** – Typically `https://idm.example.com/osp` or `https://osp.idm.example.com`  
+- **IDM API address** – Typically `https://idm.example.com/IDMProv` or `https://idmapps.idm.example.com`  
+- **OSP OAuth Client & Secret** – Values configured in **Step 1**  
+- **IDM User & Password** – A user with organization read access  
+
+After completing the setup, the wizard will create the necessary
+Teleport resources and start synchronization.  
+
+
+## Step 3/3. View NetIQ resources in Access Graph
+
+Once NetIQ resources are imported, navigate to the Access Graph page to visualize them.  
+
+The graph representation will display the relationships between users, groups, roles and resources within your organization.