diff --git a/_vendor/modules.txt b/_vendor/modules.txt
index 3b1f283868..49cb42620e 100644
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -14,7 +14,7 @@
# github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20240306070238-713aa7a8dd8e
# github.com/chef/compliance-remediation-2022/docs-chef-io v0.0.0-20240313054833-ebbc45209efa
# github.com/chef/license-service/docs-chef-io v0.0.0-20231117105514-d3f3d53ba2dd
-# github.com/chef/chef-docs-theme v0.0.0-20240528150035-cb21f24f1e5a
+# github.com/chef/chef-docs-theme v0.0.0-20240620121322-6e139ab547c0
# github.com/FortAwesome/Font-Awesome v0.0.0-20240108205627-a1232e345536
# github.com/cowboy/jquery-hashchange v0.0.0-20100902193700-0310f3847f90
# github.com/twitter/hogan.js v3.0.2+incompatible
diff --git a/config/_default/menu.toml b/config/_default/menu.toml
index 3ac8dcb6c9..d37196df27 100644
--- a/config/_default/menu.toml
+++ b/config/_default/menu.toml
@@ -424,7 +424,6 @@ identifier = "server"
# Chef Infra Menu
####
-
[[infra]]
title = "Chef Infra"
identifier = "chef_infra"
@@ -644,6 +643,18 @@ identifier = "chef_infra"
# End Chef Infra Menu
####
+####
+# Chef SaaS Menu
+####
+
+[[saas]]
+title = "Chef SaaS"
+identifier = "chef_saas"
+
+####
+# End Chef SaaS Menu
+####
+
####
# Chef Workstation Menu
####
diff --git a/config/_default/params.toml b/config/_default/params.toml
index 811767add2..8710a694bd 100644
--- a/config/_default/params.toml
+++ b/config/_default/params.toml
@@ -1,6 +1,6 @@
## The order of the menus (e.g. menu.infra, menu.inspec, etc...) in the left nav menu
## is set by the menuOrder parameter below.
-menuOrder = ["overview", "automate", "desktop", "habitat", "infra", "server", "inspec", "workstation", "effortless", "supermarket", "release_notes", "legacy", "extra"]
+menuOrder = ["overview", "automate", "desktop", "habitat", "infra", "server", "inspec", "saas", "workstation", "effortless", "supermarket", "release_notes", "legacy", "extra"]
enable_search = true
robots = ''
diff --git a/content/saas/_index.md b/content/saas/_index.md
new file mode 100644
index 0000000000..0f7ade8c66
--- /dev/null
+++ b/content/saas/_index.md
@@ -0,0 +1,34 @@
++++
+title = "Chef SaaS Overview"
+draft = false
+
+[cascade]
+ product = ["saas"]
+
+[menu]
+ [menu.saas]
+ title = "Overview"
+ identifier = "chef_infra/Overview"
+ parent = "chef_saas"
+ weight = 10
++++
+
+Chef SaaS offers unmatched secure infrastructure automation and compliance management from the cloud to control all essential resources.
+
+## Chef Infrastructure Management
+
+Ensure configurations are applied consistently in every environment with Infrastructure Management automation.
+
+## Chef Cloud Security
+
+End-to-end security management software that prevents security incidents and maintains compliance across your cloud-native assets.
+
+## Chef Compliance
+
+Maintain compliance and prevent security incidents across heterogeneous estates while improving speed and efficiency.
+
+## Chef Desktop
+
+Empowering IT resource managers through automation to improve efficiency while reducing risk across IT resources.
+
+To find out more about the configuration for Chef SaaS, refer to the [Get Started with Chef SaaS](/saas/get_started/) page.
diff --git a/content/saas/get_started.md b/content/saas/get_started.md
new file mode 100644
index 0000000000..90aa3c09f8
--- /dev/null
+++ b/content/saas/get_started.md
@@ -0,0 +1,154 @@
++++
+title = "Get Started with Chef SaaS"
+draft = false
+[menu]
+ [menu.saas]
+ title = "Get Started"
+ identifier = "chef_infra/Get Started with Chef SaaS"
+ parent = "chef_saas"
+ weight = 20
++++
+
+This guide explains how to set up and configure Chef SaaS. For details on how to migrate from AWS OpsWorks, refer to the following page: [AWS OpsWorks migration](/saas/opsworks_migration/).
+
+## Prerequisites
+
+Chef SaaS has the following prerequisites:
+
+- You must have a system with [Chef Workstation installed](/workstation/install_workstation/).
+
+- Chef SaaS Starter Kit (provided by Progress Chef):
+ - SaaS Environment URL
+ - SaaS Credentials
+ - Pivotal PEM file for the initial setup of the environment. This PEM file is temporary and is replaced later.
+
+## Add Chef Infra Server in Chef SaaS
+
+Follow these steps in Chef SaaS to add a Chef Infra Server:
+
+1. Select **Infrastructure** in the top navigation.
+1. Select **Chef Infra Servers** in the navigation on the left.
+1. Select **Add Chef Infra Server**.
+1. Fill out the fields as follows:
+ - Provide a unique name for the Chef Infra Server.
+ - Enter the FQDN by copying the same URL used to connect to Chef SaaS, for example: `saas.example.com`.
+
+ {{< figure src="/images/saas/add-chef-server-popup-menu.png" width="500" alt="Enter Chef Infra Server name and FQDN in the Add Chef Infra Server dialog.">}}
+
+1. Select **Add Chef Infra Server**.
+
+## Configure Chef Workstation
+
+For details on configuring Chef Workstation, refer to the following sections.
+
+1. Create a Chef credentials file on your local workstation:
+
+ ```sh
+ knife configure init
+ ```
+
+ This prompts you with several questions:
+
+ - Enter the Chef Infra Server URL provided in the Starter Kit, for example: `saas.example.com`.
+ - For the existing API **username** or **client_name**, enter the superuser account provided in the Chef SaaS Starter Kit.
+
+ This creates a credentials file in the `~/.chef` directory with contents similar to the following:
+
+ ```ruby
+ [default]
+ client_name - 'pivotal'
+ client_key = '/home/admin/.chef/pivotal.pem'
+ chef_server_url - 'https://saas.example.com'
+ ```
+
+1. Copy the `pivotal.pem` file from the Chef SaaS Starter Kit to the `~/.chef` directory.
+
+ This gives you the proper credentials to connect to Chef SaaS in the following steps.
+
+1. Create an organization using the [`knife org create`](/workstation/knife_org/) command. This organization acts as a top-level entity for role-based access control.
+
+ ```sh
+ knife org create ""
+ ```
+
+ Replace:
+
+ - `` with the user's organization name.
+ - `` with the organization's full name.
+
+ This returns a private key for the organization's validator client.
+
+1. Create a new user associated with the new organization and use the credentials file:
+
+ ```sh
+ knife user create --email --password
+ ```
+
+ Replace:
+
+ - `` with the user's username.
+ - `` with the user's e-mail address.
+ - `` with the user's password.
+
+ Copy the new `.pem` file created with this command to the `~/.chef` directory before updating the credentials file later in this document.
+
+1. Add the new user to the organization using the [`knife org user`](/workstation/knife_org/) command:
+
+ ```sh
+ knife org user add
+ ```
+
+ In the above code, replace:
+
+ - `` with user's organization name.
+ - `` with the user's username.
+
+1. Open the credentials file in the `~/.chef` directory and update the following values:
+
+ - `client_name` to the new account created.
+ - `client_key` to the new PEM file that was created.
+ - `chef_server_url` to include the new organization.
+
+ An example of the credentials in the `~/.chef` directory is as follows:
+
+ ```ruby
+ [default]
+ client_name - 'CLIENT_NAME'
+ client_key = '/home/admin/.chef/.pem'
+ chef_server_url - 'https://saas-example.com'
+ ```
+
+## Configure Chef Saas
+
+The following steps add the organization to Chef SaaS. Connect to the URL provided by Progress Chef and log in with the admin account credentials:
+
+1. Select **Infrastructure** in the top navigation.
+1. Select **Chef Infra Servers** in the navigation on the left.
+1. Select the **Chef Infra Server** created previously.
+1. Select **Add Chef Organization** and:
+ - Provide the **Name** of the organization created using knife.
+ - For **Admin User**, enter the new account created using knife.
+ - For **Admin Key**, paste the contents of the new PEM file created with the user account.
+ - Select **Add Chef Organization**.
+
+ {{< figure src="/images/automate/add-chef-organization-popup-menu.png" width="350" alt="Add Chef Organization Form">}}
+
+### Verify the SSL configuration
+
+Chef SaaS uses public certificates to ensure a secure connection to the service. To eliminate connection issues, verify the SSL connection and the certificate.
+
+- Verify the connection with the new organization:
+
+ ```cd
+ knife ssl check
+ ```
+
+### Verify the client connection
+
+- Finally, verify a successful connection to the new organization:
+
+ ```sh
+ knife client list
+ ```
+
+ This returns a list of Infra Client nodes and workstations that are registered with a Chef Infra Server.
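Review bot: The `pivotal` superuser key is copied into `~/.chef` in the "Configure Chef Workstation" steps and is never removed after the credentials file is switched to the new user, so a key the Prerequisites call temporary stays on the workstation. After the step that updates `client_name` and `client_key`, add a step such as `Delete pivotal.pem from ~/.chef once knife client list succeeds with the new user, and keep the remaining .pem files readable only by your account.` The `knife user create --email --password` example puts the password on the command line, where it ends up in shell history; if the knife version in use offers a password prompt (I believe `--prompt-for-password`), show that form instead. Both credentials examples also write `client_name - '…'` and `chef_server_url - '…'` with `-` where `=` is needed, so the file as printed would not parse as a TOML credentials file, and the `ruby` and `cd` fence tags around these snippets look unintended.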
diff --git a/content/saas/opsworks_migration.md b/content/saas/opsworks_migration.md
new file mode 100644
index 0000000000..3df57ac3a6
--- /dev/null
+++ b/content/saas/opsworks_migration.md
@@ -0,0 +1,98 @@
++++
+title = "Migrate from AWS OpsWorks to Chef SaaS"
+draft = false
+[menu]
+ [menu.saas]
+ title = " AWS OpsWorks Migration"
+ identifier = "chef_infra/OpsWorks Migration"
+ parent = "chef_saas"
+ weight = 30
++++
+
+This guide describes the migration scenarios from AWS OpsWorks to Chef SaaS.
+
+## Prerequisites
+
+The following prerequisites must be in place before migrating from AWS OpsWorks to Chef SaaS:
+
+- AWS OpsWorks must be running Chef Automate 2.0.
+- A Chef SaaS environment must be configured. Refer to the [Getting Started with Chef SaaS](/saas/get_started/) page.
+- An S3 bucket must be provided from Progress Chef.
+
+## Backup AWS OpsWorks
+
+AWS OpsWorks for Chef Automate can have two configuration setups:
+
+- cluster with SSH access
+- cluster without SSH access
+
+Both types of clusters have SSM access. You should be able to log in to the AWS OpsWorks Chef Automate instance and follow the steps to create a backup. By default, AWS OpsWorks has the manual backup feature, which creates a backup in S3. You can use the S3 backup if you can't log in to an instance using SSH/SSM.
+
+### Back up AWS OpsWorks using SSH/SSM
+
+If you have SSH/SSM access, follow these steps to create a backup:
+
+1. Log in to the AWS OpsWorks EC2 instance using SSH/SSM from the EC2 console.
+1. Create a `patch.toml` as shown in the following code snippet:
+
+ ```sh
+ [global.v1.backups]
+ location = "filesystem"
+
+ [global.v1.backups.filesystem]
+ path = "/var/opt/chef-automate/backups/"
+ ```
+
+1. Apply the patch:
+
+ ```sh
+ chef-automate config patch patch.toml
+ ```
+
+ Check the Chef Automate status and wait for all services to turn healthy.
+
+1. Back up your Chef Automate data:
+
+ ```sh
+ sudo chef-automate backup create
+ sudo chef-automate bootstrap bundle create bootstrap.abb
+ ```
+
+ Once the backup process is complete, Chef Automate returns a **Success** message. The backup data is available in `/var/opt/chef-automate/backups/`.
+
+1. Zip the backup and share it with the Chef team. Include the `timestamp-based directory`, `automate-elasticsearch-data`, `.tmp` directory, and `bootstrap.abb`.
+
+ ```sh
+ [root@ip-10-200-140-7 backups]# ls -a /var/opt/chef-automate/backups/
+ 20230605230117 automate-elasticsearch-data .tmp bootstrap.abb
+
+ [root@ip-10-200-140-7 backups]# zip -r backup.zip automate-elasticsearch-data 20230605230117 .tmp bootstrap.abb
+ [root@ip-10-200-140-7 backups]# ls -a
+ 20230605230117 automate-elasticsearch-data .tmp bootstrap.abb backup.zip
+ ```
+
+ You can share the backup using pre-signed URLs. The SOP provides steps for sharing the backup with the Chef team.
+
+### Back up AWS OpsWorks using the AWS Management Console
+
+If you don't have SSH/SSM access, follow these steps to create a backup:
+
+1. Go to the **AWS OpsWorks** console.
+1. Choose the server to back up on the **Chef Automate servers** page.
+1. On the properties page for the Chef Infra Server, in the left navigation pane, select **Backups**.
+1. Select **Create backup**.
+1. The manual backup is finished when the page shows a green checkmark in the backup's **Status** column.
+
+ {{< figure src="/images/saas/saas-status-column.png" alt="Chef Automate showing list of backups on AWS OpsWorks.">}}
+
+1. In the AWS S3 console, find the AWS OpsWorks bucket where the backups are stored.
+
+ {{< figure src="/images/saas/saas-aws-console.png" alt="AWS S3 console showing list of Automate server backups.">}}
+
+1. Zip the latest `timestamp-based` directory and `automate-elasticsearch-data` directory and share it with the Chef team.
+
+Progress Chef engineers handle the restoration process. Your account manager will notify you when the restoration is complete.
+
+## Verify the restore
+
+When the restore is complete, log into Chef SaaS. You will see data in the environment up to the day of the backup including users, cookbooks, Infra Client runs.
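Review bot: The SSH/SSM procedure zips `bootstrap.abb` together with the backup data and then tells the reader to share the archive through a pre-signed URL, but nothing says how sensitive that archive is. As far as I know, the bootstrap bundle carries the secrets needed to read the backup, so the archive should be handled like a credential. After the pre-signed URL sentence, add a line such as `Use a short expiry on the pre-signed URL, send the link only over the channel agreed with Progress Chef, and delete backup.zip from the instance once the upload is confirmed.` The same caveat fits the last step of the console procedure, which shares the `timestamp-based` and `automate-elasticsearch-data` directories. Separately, the `patch.toml` snippet is fenced as `sh`, where `toml` would be the right tag.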
diff --git a/content/saas/register_nodes.md b/content/saas/register_nodes.md
new file mode 100644
index 0000000000..e124e010f8
--- /dev/null
+++ b/content/saas/register_nodes.md
@@ -0,0 +1,60 @@
++++
+title = "Redirect existing nodes to Chef SaaS"
+draft = false
+[menu]
+ [menu.saas]
+ title = "Redirect nodes"
+ identifier = "chef_infra/Register Nodes to Chef SaaS Environment"
+ parent = "chef_saas"
+ weight = 50
++++
+
+After you've migrated to Chef SaaS, you must redirect Chef Infra Client nodes from AWS OpsWorks to Chef SaaS. This guide provides recommendations on how to accomplish this.
+
+## Prerequisites
+
+The following are prerequisites for migrating nodes from AWS OpsWorks to Chef SaaS:
+
+- AWS OpsWorks must be running Chef Automate 2.0.
+- A Chef SaaS environment must be configured. Refer to the [Getting Started with Chef SaaS](/saas/get_started/) page.
+- Restoration is performed on AWS OpsWorks for Chef SaaS.
+- Splay mode and baseline are up to two client runs an hour. Refer to the [Chef Infra Client](/ctl_chef_client/) page for more details on configuring splay mode in the `client.rb` file.
+- There must be one compliance scan per hour.
+
+## Redirect nodes to Chef SaaS
+
+Progress Chef developed a cookbook that can run against all nodes under management in the AWS OpsWorks environment. This cookbook redirects all nodes to the new Chef SaaS instance.
+
+To redirect nodes from AWS OpsWorks to Chef SaaS:
+
+1. Create a [new cookbook](/cookbooks/#generate-a-cookbook).
+1. Update the [Policyfile](/config_rb_policyfile/) with the following content:
+
+ ```ruby
+ # Policyfile.rb Describe how you want Chef Infra Client to build your system.
+ #
+ # For more information on the Policyfile feature, visit https://docs.chef.io/policyfile
+
+ # A name that describes the system you are building with Chef docs.
+ name 'your_client'
+
+ # Where to find external cookbooks:
+ default_source :supermarket
+
+ # run_list: chef_client runs the recipes in the order specified.
+ run_list 'your_client::default'
+
+ # Specify a custom source for a single cookbook:
+ cookbook 'your_client', path: '.'
+ ```
+
+1. Add attributes for the new and old server:
+
+ `default['your_client']['chef_server_old'] = ''`
+
+ `default['your_client']['chef_server_new'] = ''`
+
+1. Upload the new cookbook to your server on AWS OpsWorks.
+1. Log in to Chef SaaS after the next Infra Client run to verify that the nodes have redirected to Chef SaaS.
+
+Contact your SA if you need help.
diff --git a/content/saas/sso.md b/content/saas/sso.md
new file mode 100644
index 0000000000..de9f3bc396
--- /dev/null
+++ b/content/saas/sso.md
@@ -0,0 +1,96 @@
++++
+title = "Configure SSO for Chef SaaS"
+draft = false
+
+[menu]
+ [menu.saas]
+
+ title = "Configure SSO"
+ identifier = "chef_infra/Configure SSO"
+ parent = "chef_saas"
+ weight = 40
++++
+
+Single Sign-On (SSO) is an authentication method that enables you to securely authenticate and use all services with just one set of credentials.
+
+## Chef SaaS SAML configuration
+
+Chef SaaS users can log in using a SAML-based external Identity Provider (IdP).
+
+Chef SaaS supports the following IdPs:
+
+{{< readfile file="content/automate/reusable/md/saml_supported_identity_providers.md" >}}
+
+### Add SAML configuration
+
+{{< note >}}It is crucial to note that your account must hold the Administrator policy to access the SSO user interface. This policy is automatically granted to members of the admin team.{{< /note >}}
+
+Use the following instructions to add a SAML configuration in Chef SaaS.
+
+1. Log in to your Chef SaaS account and append `/sso` to your fully qualified domain name in your browser toolbar. For example, `https://automate.example.com/sso`.
+
+1. On the Chef SaaS SSO page, enter the following information:
+
+ SSO URL
+ : The single sign-on URL provided by the IdP.
+ : _Required_
+
+ Email Attribute
+ : The user email attribute is set in the IdP.
+ : _Required_
+
+ Username Attribute
+ : The username attribute set in the IdP.
+ : _Required_
+
+ Entity Issuer URL
+ : The authorization callback URL of your Chef SaaS deployment. The URL is your Chef SaaS deployment's Fully Qualified Domain Name (FQDN) appended with `dex/callback`. For example, `https://automate.example.com/dex/callback`.
+ : _Required_
+
+ CA Certificate
+ : The full certificate provided by the IdP. Include `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` at the beginning and end of the certificate string.
+ : _Required_
+
+ Group Attribute
+ : The group attribute in the SAML assertion.
+ If not provided, users authenticating with SSO will not be a member of any [team]({{< relref "/automate/teams" >}}).
+ : _Optional_
+
+ Allowed Groups
+ : The groups in the IdP that have SSO access to Chef SaaS.
+ : _Optional_
+
+ Name ID Policy Format
+ : The name identifier format used in the SAML AuthnRequest.
+ : _Required for Microsoft 365 and Azure AD_
+ : Default value: `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`.
+ : Possible values:
+ - `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`
+ - `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`
+ - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
+ - `urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName`
+ - `urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted`
+ - `urn:oasis:names:tc:SAML:2.0:nameid-format:entity`
+ - `urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos`
+ - `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`
+ - `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`
+
+1. After entering these fields, select **Submit** to add the user SSO configuration. After Chef SaaS validates all form values, the **Submit** button is enabled.
+
+ The SSO page refreshes, showing the filled-in SAML configuration fields with a message at the top that says, "SSO Request is complete. Config applied successfully."
+
+If the new SSO configuration fails, you can edit and submit the form again.
+
+### Delete the SAML configuration
+
+Your account must have the [Administrator policy]({{< relref "/automate/policies" >}}) to access the SSO user interface. Members of the [admins team]({{< relref "/automate/teams" >}}) have this by default.
+
+As a user with the Administrator policy, you have the power to manage your SSO configurations. You can remove an existing SAML configuration in Chef SaaS by following these steps:
+
+1. Log in to your Chef SaaS account and append `/sso` to your FQDN in your browser toolbar. For example, `https://automate.example.com/sso`.
+
+1. Select **Remove Configuration** on the Chef SaaS SSO page.
+
+1. A dialog box asks you to confirm that you want to remove the configuration. Select **Remove** to remove the SSO configuration.
+
+ The SSO page refreshes, showing empty SAML configuration fields and a message at the top that says, "SSO Request is complete. Config removed successfully."
diff --git a/go.mod b/go.mod
index 143de582f1..3bff1f8278 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.22
require (
github.com/chef/automate/components/docs-chef-io v0.0.0-20240306133449-4e982f867599 // indirect
- github.com/chef/chef-docs-theme v0.0.0-20240528150035-cb21f24f1e5a // indirect
+ github.com/chef/chef-docs-theme v0.0.0-20240620121322-6e139ab547c0 // indirect
github.com/chef/chef-server/docs-chef-io v0.0.0-20240530151056-7940d04f6096 // indirect
github.com/chef/chef-workstation/docs-chef-io v0.0.0-20240604075832-44857ee271a3 // indirect
github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20240306070238-713aa7a8dd8e // indirect
diff --git a/go.sum b/go.sum
index 7dab6cf620..ee9f1a1197 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@
github.com/chef/automate/components/docs-chef-io v0.0.0-20240306133449-4e982f867599 h1:vya+2EqafWQi5osINw4CRrmoDNfZ3LJjrAplqpMc7eA=
github.com/chef/automate/components/docs-chef-io v0.0.0-20240306133449-4e982f867599/go.mod h1:juvLC7Rt33YOCgJ5nnfl4rWZRAbSwqjTbWmcAoA0LtU=
-github.com/chef/chef-docs-theme v0.0.0-20240528150035-cb21f24f1e5a h1:lgyy1NLw4xbkjDcgG/bOPvBScNgKawe8hxyhDomCoPg=
-github.com/chef/chef-docs-theme v0.0.0-20240528150035-cb21f24f1e5a/go.mod h1:+Jpnv+LXE6dXu2xDcMzMc0RxRGuCPAoFxq5tJ/X6QpQ=
+github.com/chef/chef-docs-theme v0.0.0-20240620121322-6e139ab547c0 h1:nclinFh5gydzfhQ4EhTQYIP87V5CZ5kRKB5ezrBvTR4=
+github.com/chef/chef-docs-theme v0.0.0-20240620121322-6e139ab547c0/go.mod h1:+Jpnv+LXE6dXu2xDcMzMc0RxRGuCPAoFxq5tJ/X6QpQ=
github.com/chef/chef-server/docs-chef-io v0.0.0-20240530151056-7940d04f6096 h1:eMIkzw2xoFc8a+eShc0gXkzw3SKbfrTtAoPwk6o6/iM=
github.com/chef/chef-server/docs-chef-io v0.0.0-20240530151056-7940d04f6096/go.mod h1:gMSa25GUHmLimA0gjvRd3hs1buOBqkKPrdHzHvaJauY=
github.com/chef/chef-workstation/docs-chef-io v0.0.0-20240604075832-44857ee271a3 h1:YaTYy00NbQlfAKBnR7dIvI3kFf6QP14iP2rWVqAXXCQ=
diff --git a/static/images/saas/add-chef-server-popup-menu.png b/static/images/saas/add-chef-server-popup-menu.png
new file mode 100644
index 0000000000..6b24081336
Binary files /dev/null and b/static/images/saas/add-chef-server-popup-menu.png differ
diff --git a/static/images/saas/saas-aws-console.png b/static/images/saas/saas-aws-console.png
new file mode 100644
index 0000000000..7eba4fea49
Binary files /dev/null and b/static/images/saas/saas-aws-console.png differ
diff --git a/static/images/saas/saas-status-column.png b/static/images/saas/saas-status-column.png
new file mode 100644
index 0000000000..4f981cea74
Binary files /dev/null and b/static/images/saas/saas-status-column.png differ