Develop documentation for Okta (#15995)

* Develop documentation for Okta
Fixes #13868

frontend-react/docs/okta.md

@@ -0,0 +1,13 @@
+# Okta-side configuration
+
+Our frontend is configured to identify as the "Web" application.
+
+## Dev-side configuration
+
+Our use of okta in frontend is configured by the following environment variables whose values can be found in the application listing within Okta:
+-VITE_OKTA_CLIENTID
+-VITE_OKTA_URL
+
+These variables can be assigned locally for local development (.env.*.local) or by github actions (using values in secrets storage either in github itself or azure).
+
+We use Okta's [Embedded Sign-In Widget for React](https://developer.okta.com/docs/guides/sign-in-to-spa-embedded-widget/react/main/), which includes other Okta-related libraries for react, to handle okta workflows.

prime-router/docs/getting-started/swagger.md

@@ -62,15 +62,15 @@ Starting from the Okta section in the `Authorize` menu
 
 1. Login to OKTA as an administrator and click the "Admin" button in the top-right
 2. In the left pane, navigate Applications -> applications
-3. In the resulting right pane, select the instance to be configured (e.g. `Simple Report (localdev)`)
+3. In the resulting right pane, select the instance to be configured (e.g. `Swagger`)
 4. Viewing the details of the instance, you will see a `client_id` and `client_secret` (be sure to mask these values)
 5. Under General Settings, ensure the "Authorization Code" flow is checked
 6. Under Login, ensure this value appears in the sign-in redirect URI list:  
    `http://127.0.0.1:10000/devstoreaccount1/apidocs/oauth2-redirect.html`
 7. Ensure the application instance is associated with your OKTA account. Select assignment at the top of the page and 
    ensure your username is selected. 
-8. You need to associate "Simple Report (localdev)" with you - your OKTA account (your email/password/MFA)
-   To do so, click the assignment on top of the page and you will see all the users : Joe Smith, Jane Doe etc., select your user name, and you will be tied to the app - Simple Report (localdev)
+8. You need to associate "Swagger" with you - your OKTA account (your email/password/MFA)
+   To do so, click the assignment on top of the page and you will see all the users : Joe Smith, Jane Doe etc., select your user name, and you will be tied to the app - Swagger
 
 #### Server-to-server
 

prime-router/docs/okta/admin-management.md

@@ -0,0 +1,39 @@
+# Admin Management
+
+More details about the organization within okta can be found in [this doc](https://cdc.sharepoint.com/:p:/r/teams/ReportStream/_layouts/15/Doc.aspx?sourcedoc=%7B313111b2-502c-4f60-ac8c-bbcf3c9b1dab%7D&action=edit&wdPreviousSession=a28aeb1e-02b3-b6be-49ab-cafb30120e6f)
+
+Okta admin potential responsibility areas are:
+- App registry management
+- User/group management
+- Security configuration management
+- Log checking
+
+ReportStream's Okta has the following specialized admin roles for team members:
+- Owners
+- Support Team
+- Onboarding Engineers
+- Front-end Engineers
+- Tech Leads
+
+
+## App registry management
+
+The app registry page can be found by the following side-navigation: Applications > Applications.
+
+All reportstream-developed programs with authentication elements should be configured towards an application listed on this page.
+
+
+## User/Group management
+
+Accessible via the side-navigation: Directory > People or Directory > Groups
+
+## Security configuration management
+
+The policies are enforced in the following order (accessed through "Security" in side-navigation):
+- Global Session Policy
+- Authentication Policy
+- Password Policy (from side-navigation: Security > Authenticators > Click Actions for the "Password" table line > Edit)
+
+## Log checking
+
+The global log can be accessed from side-navigation: Reports > System Log. They can also be filtered by user by going to the user's management page (side-navigation: Directory > People) and clicking "View Logs".

prime-router/docs/onboarding-users/receivers.md

@@ -176,7 +176,7 @@ output here: `/prime-router/build/sftp`
 
 ### 5. Create access to the Download site
 
-* If the organization has elected for download access, set up an Okta account.
+* If the organization has elected for download access, [set up an Okta account](./okta-account-creation.md).
 * If you are testing in Test, obviously you'll need to set up access to that download site.
 
 ### 6. Validation in Prod