[HOPSWORKS-2872] Login project docs (logicalclocks#980)

.gitignore

@@ -125,3 +125,4 @@ src/main/setup/glassfish-resources.xml
 /hopsworks-web/yo/nbproject/
 /hopsworks-cluster/src/main/webapp/node_modules/
 /hopsworks-cluster/src/main/webapp/vendor/
+/site/

docs/admin/auth.md

@@ -0,0 +1,30 @@
+# Authentication Methods
+
+To configure Authentication methods click on your name in the top right corner of the navigation bar and choose 
+*Cluster Settings* from the dropdown menu.
+In the **Cluster Settings** _Authentication_ tab you can configure how users authenticate.
+
+1. **TOTP Two-factor Authentication**: can be _disabled_, _optional_ or _mandatory_. If set to mandatory all users are 
+   required to set up two-factor authentication when registering. 
+
+    !!! note
+
+        If two-factor is set to _mandatory_ on a cluster with preexisting users all users will need to go through  
+        lost device recovery step to enable two-factor. So consider setting it to _optional_ first and allow users to 
+        enable it before setting it to mandatory.
+
+2. **OAuth2**: if your organization already have an identity management system compatible with 
+   [OpenID Connect (OIDC)](https://openid.net/connect/) you can configure Hopsworks to use your identity provider 
+   by enabling **OAuth** as shown in the figure below. After enabling OAuth 
+   you can register your identity provider by clicking on **Add Identity Provider** button. See
+   [Create client](./oauth2/create-client.md) for details.
+
+<figure>
+  <a  href="../../assets/images/admin/auth-config.png">
+    <img src="../../assets/images/admin/auth-config.png" alt="Authentication config" />
+  </a>
+  <figcaption>Setup Authentication Methods</figcaption>
+</figure>
+
+In the figure above we see a cluster with Two-factor authentication disabled and Oauth enabled with one registered 
+identity provider called Keycloak (Keycloak is an open Source Identity and Access Management system). 

docs/admin/oauth2/create-client.md

@@ -0,0 +1,44 @@
+# Register Identity Provider in Hopsworks
+
+Before registering your identity provider in Hopsworks you need to create a client application in your identity provider and 
+acquire a _client id_ and a _client secret_. An example on how to create a client using [Okta](https://www.okta.com/) 
+identity provider can be found [here](./create-okta-client.md).
+
+After acquiring the _client id_ and _client secret_ create the client in Hopsworks by [enabling OAuth2](../auth.md)
+and clicking on _add another identity provider_ in the [Authentication configuration page](../auth.md). Then set 
+base uri of your identity provider in _Connection URL_ give a name to your identity provider (the name will be used 
+in the login page as an alternative login method) and set the _client id_ and _client secret_ in their respective 
+fields,  as shown in the figure below.
+
+<figure>
+  <a  href="../../../assets/images/admin/oauth2/register-app.png">
+    <img src="../../../assets/images/admin/oauth2/register-app.png" alt="Application overview" />
+  </a>
+  <figcaption>Application overview</figcaption>
+</figure>
+
+- _Connection URL_: (provider Uri) is the base uri of the identity provider's API (URI should contain scheme http:// or 
+  https://). 
+
+Additional configuration can be set here:
+
+- _Verify email_: if checked only users with verified email address (in the identity provider) can log in to Hopsworks. 
+- _Code challenge_: if your identity provider requires code challenge for authorization request check 
+  the _code challenge_ check box. This will allow you to choose code challenge method that can be either _plain_ or 
+  _S256_.
+- _Logo URL_: optionally a logo URL to an image can be added. The logo will be shown on the login page with the name 
+  as shown in the figure below.
+
+  <figure>
+    <a  href="../../../assets/images/auth/oauth2.png">
+      <img width="400px" src="../../../assets/images/auth/oauth2.png" alt="OAuth2 login" />
+    </a>
+    <figcaption>Login with OAuth2</figcaption>
+  </figure>
+
+!!! note
+
+    When creating a client make sure you can access the provider metadata by making a GET request on the well known 
+    endpoint of the provider. The well-known URL, will typically be the _Connection URL_ plus 
+    `.well-known/openid-configuration`. For the above client it would be 
+    `https://dev-86723251.okta.com/.well-known/openid-configuration`.

docs/admin/oauth2/create-okta-client.md

@@ -0,0 +1,58 @@
+# Create An Application in Okta
+
+This example uses an Okta development account to create an application that will represent a Hopsworks client in the 
+identity provider. To create a developer account go to [Okta developer](https://developer.okta.com/signup/).
+
+After creating a developer account register a client by going to _Applications_ and click on **Create App Integration**.
+
+  <figure>
+    <a  href="../../../assets/images/admin/oauth2/okta.png">
+      <img src="../../../assets/images/admin/oauth2/okta.png" alt="Okta Applications" />
+    </a>
+    <figcaption>Okta Applications</figcaption>
+  </figure>
+
+This will open a popup as shown in the figure below. Select **OIDC** as _Sign-in-method_ and **Web Application** as 
+_Application type_ and click next.
+  <figure>
+    <a  href="../../../assets/images/admin/oauth2/create-new-app.png">
+      <img src="../../../assets/images/admin/oauth2/create-new-app.png" alt="Create New Application" />
+    </a>
+    <figcaption>Create new Application</figcaption>
+  </figure>
+
+Give your application a name and select **Client credential** as _Grant Type_. Then add a _Sign-in redirect URI_ 
+that is your Hopsworks cluster domain name (including the port number if needed) with path _/callback_, and a _Sign-out 
+redirect URI_ that is Hopsworks cluster domain name (including the port number if needed) with no path.
+
+  <figure>
+    <a  href="../../../assets/images/admin/oauth2/new-web-app.png">
+      <img src="../../../assets/images/admin/oauth2/new-web-app.png" alt="New Application" />
+    </a>
+    <figcaption>New Application</figcaption>
+  </figure>
+
+If you want to limit who can access your Hopsworks cluster select _Limit access to selected groups_ and 
+select group(s) you want to give access to. Here we will allow everyone in the organization to access the cluster.
+
+  <figure>
+    <a  href="../../../assets/images/admin/oauth2/assignments.png">
+      <img src="../../../assets/images/admin/oauth2/assignments.png" alt="Group assignment" />
+    </a>
+    <figcaption>Group assignment</figcaption>
+  </figure>
+
+After the application is created go back to _Applications_ and click on the application you just created. Use the
+_Okta domain_ (_Connection URL_), _client id_ and _client secret_ generated for your app in the [client registration](./create-client.md) in Hopsworks.
+
+  <figure>
+    <a  href="../../../assets/images/admin/oauth2/overview.png">
+      <img src="../../../assets/images/admin/oauth2/overview.png" alt="Application overview" />
+    </a>
+    <figcaption>Application overview</figcaption>
+  </figure>
+
+!!! note
+
+    When copying the domain in the figure above make sure to add the url scheme (http:// or https://) when using it 
+    in the _Connection URL_ in the [client registration form](./create-client.md).

docs/compute/auth/login.md

@@ -0,0 +1,35 @@
+# Login to Hopsworks
+
+After your account is validated by an administrator you can use your email and password to login.
+
+  <figure>
+    <a  href="../../../assets/images/auth/login.png">
+      <img width="400px" src="../../../assets/images/auth/login.png" alt="Login" />
+    </a>
+    <figcaption>Login with password</figcaption>
+  </figure>
+
+If second factor authentication is enabled you will be presented with a second factor authentication window after you 
+enter your password. Use your authenticator app
+(example. [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en&gl=US))
+on your phone to get a one-time password.
+
+<figure>
+  <a  href="../../../assets/images/auth/otp.png">
+    <img width="400px" src="../../../assets/images/auth/otp.png" alt="Second factor" />
+  </a>
+  <figcaption>One time password</figcaption>
+</figure>
+
+Upon successful login, you will arrive at the landing page:
+
+  <figure>
+    <a  href="../../../assets/images/project/landing-page.png">
+      <img alt="landing page" src="../../../assets/images/project/landing-page.png">
+    </a>
+    <figcaption>Landing page</figcaption>
+  </figure>
+
+In the landing page, you will find two buttons. Use these buttons to either create a 
+[demo project](../project/demoProject.md) or  [a new project](../project/createProject.md).
+

docs/compute/auth/oauth2.md

@@ -0,0 +1,30 @@
+# Login using a third-party identity provider.
+If OAuth is configured a **Login with ** button will appear in the login page. Use this button to log in to Hopsworks
+using your OAuth credentials.
+
+  <figure>
+    <a  href="../../../assets/images/auth/oauth2.png">
+      <img width="400px" src="../../../assets/images/auth/oauth2.png" alt="OAuth2 login" />
+    </a>
+    <figcaption>Login with OAuth2</figcaption>
+  </figure>
+
+When logging in with OAuth for the first time Hopsworks will retrieve and save consented claims (firstname, lastname 
+and email), about the logged in end-user.
+
+  <figure>
+    <a  href="../../../assets/images/auth/consent.png">
+      <img width="400px" src="../../../assets/images/auth/consent.png" alt="OAuth2 consent" />
+    </a>
+    <figcaption>Give consent</figcaption>
+  </figure>
+
+After clicking on **Register** you will be redirected to the landing page:
+  <figure>
+    <a  href="../../../assets/images/project/landing-page.png">
+      <img alt="landing page" src="../../../assets/images/project/landing-page.png">
+    </a>
+    <figcaption>Landing page</figcaption>
+  </figure>
+In the landing page, you will find two buttons. Use these buttons to either create a 
+[demo project](../project/demoProject.md) or [a new project](../project/createProject.md).

docs/compute/auth/recoverPassword.md

@@ -0,0 +1,13 @@
+# Password Recovery
+
+If you forget your password click on **Forgot password** on the login page. Enter your email and click on the **Send 
+reset link** button.
+  <figure>
+    <a  href="../../../assets/images/auth/resetPassword.png">
+      <img width="400px" src="../../../assets/images/auth/resetPassword.png" alt="Recover password">
+    </a>
+    <figcaption>Password reset</figcaption>
+  </figure>
+
+A password reset link will be sent to the email address you entered if the email is found in the system.
+Click on the reset link to set your new password.

docs/compute/auth/registration.md

@@ -0,0 +1,34 @@
+# Register a New Account on Hopsworks
+
+The process for registering a new account is as follows:
+
+1. Click on the _Register_ button on the login page.
+2. Register your email address and details.
+3. Validate your email address by clicking on the link in the validation email you received.
+4. Wait until an administrator has approved your account (you will receive a confirmation email).
+
+  <figure>
+    <a  href="../../../assets/images/auth/register.png">
+      <img width="400px" src="../../../assets/images/auth/register.png" alt="Register" />
+    </a>
+    <figcaption>Register new account</figcaption>
+  </figure>
+
+If second factor authentication is required you will be presented with a page like in the figure below. Scan the QR 
+code or type the code in bold to register your account in your authenticator app 
+(example. [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en&gl=US)). 
+
+  <figure>
+    <a  href="../../../assets/images/auth/register-2fa.png">
+      <img width="400px" src="../../../assets/images/auth/register-2fa.png" alt="Register" />
+    </a>
+    <figcaption>Add second factor authentication</figcaption>
+  </figure>
+
+After your account is created an administrator needs to validate your account before you can log in.
+  <figure>
+    <a  href="../../../assets/images/auth/account-created.png">
+      <img width="400px" src="../../../assets/images/auth/account-created.png" alt="Register" />
+    </a>
+    <figcaption>Account created</figcaption>
+  </figure>

docs/compute/auth/updateProfile.md

@@ -0,0 +1,47 @@
+# Update your Profile and Credentials
+
+After you have logged in, in the upper right-hand corner of the screen, you will see your name. Click on your name,
+then click on the menu item **Account settings**. The User settings page will open with profile tab selected. In this tab
+you can change your first and last name. You cannot change your email address and will need to create a new 
+account if you wish to change your email address. You can also log out by clicking on the **Log out** menu item.
+
+  <figure>
+    <a  href="../../../assets/images/auth/profile.png">
+      <img src="../../../assets/images/auth/profile.png" alt="User profile" />
+    </a>
+    <figcaption>Update profile</figcaption>
+  </figure>
+
+## Update credential
+To update your credential go to the **Authentication** tab as shown in the image below.
+  <figure>
+    <a  href="../../../assets/images/auth/updatePassword.png">
+      <img src="../../../assets/images/auth/updatePassword.png" alt="Update credentials">
+    </a>
+    <figcaption>Update credential</figcaption>
+  </figure>
+
+## Enable/Reset Two-factor Authentication
+
+You can also change your two-factor setting in the **Authentication** tab. Second factor authentication
+is only available if it is enabled from the cluster administration page.
+
+  <figure>
+    <a  href="../../../assets/images/auth/2fa-enabled.png">
+      <img src="../../../assets/images/auth/2fa-enabled.png" alt="Two-factor Authentication">
+    </a>
+    <figcaption>Enable Two-factor Authentication</figcaption>
+  </figure>
+
+After enabling or resetting two-factor you will be presented with a QR Code. You will then need to scan the QR code 
+to add it on your phone's authenticator application 
+(example. [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en&gl=US)). 
+If you miss this step, you will have to recover your smartphone credentials at a later stage. 
+  <figure>
+    <a  href="../../../assets/images/auth/enable2fa.png">
+      <img src="../../../assets/images/auth/enable2fa.png" alt="Register Two-factor Authentication">
+    </a>
+    <figcaption>Register Two-factor Authentication</figcaption>
+  </figure>
+
+Use the one time password generated by your authenticator app to confirm the registration.

docs/compute/project/createProject.md

@@ -0,0 +1,55 @@
+# Create a New Project
+You can create a project by clicking on the **Create new project** button in the Projects list page. 
+This will pop-up a dialog, in which you enter the project name and an optional description. You can also select an 
+initial set of members for the project. The members you select will be 
+given the role of Data Scientist in the project. Member roles can later be updated in the Project settings 
+by the project owner or a member with the data owner role: _for more information about the roles see the documentation_ 
+[here](./multiTenancy.md). 
+
+A valid project name can only contain characters a-z, A-Z, 0-9 and special characters ‘_’ and ‘.’ but not ‘__’ (double underscore). 
+There are also reserved words that are not allowed in project names. A complete list of reserved words can 
+be found in section [Project name reserved words](./reservedNames.md).
+
+  <figure>
+    <a  href="../../../assets/images/project/createProject.png">
+      <img src="../../../assets/images/project/createProject.png" alt="Create project">
+    </a>
+    <figcaption>Create project</figcaption>
+  </figure>
+
+As soon as you have created a new project, you can click on **Open project** in the project list, to see the project 
+main page as illustrated in the figure Project overview.
+
+  <figure>
+    <a  href="../../../assets/images/project/projectList.png">
+      <img src="../../../assets/images/project/projectList.png" alt="Project list">
+    </a>
+    <figcaption>Project list</figcaption>
+  </figure>
+
+  <figure>
+    <a  href="../../../assets/images/project/projectOverview.png">
+      <img src="../../../assets/images/project/projectOverview.png" alt="Project overview">
+    </a>
+    <figcaption>Project overview</figcaption>
+  </figure>
+
+On the left-hand side of the project overview page is the Project Menu. On the top we have the 
+[feature store](https://docs.hopsworks.ai/feature-store-api/latest/) section 
+with feature groups, training datasets and storage connectors. In the middle we have the compute section 
+containing [Jupyter](../jupyter.md) and [Jobs](../jobs.md). Finally, on the bottom of the menu we have the 
+Configuration section with settings for the project. 
+
+In Settings, you will find 4 sub categories that allow you to configure general configuration, python libraries, 
+alerts and integrations to other services. From the general configuration you can add members, share feature store 
+with another project and delete the project.
+
+  <figure>
+    <a  href="../../../assets/images/project/projectSettings.png">
+      <img src="../../../assets/images/project/projectSettings.png" alt="Project settings">
+    </a>
+    <figcaption>Project Settings</figcaption>
+  </figure>
+
+On the top navigation bar next to the Hopsworks logo we find the project name. By clicking on the project name you 
+can go to other projects or back to the projects list page.

docs/compute/project/deleteProject.md

@@ -0,0 +1,13 @@
+# Delete a Project
+You can delete a project in the Project Settings. In the Project Settings General tab, you will find a **Danger 
+Zone** section where there is an option to delete the project.
+  <figure>
+    <a  href="../../../assets/images/project/projectSettings.png">
+      <img src="../../../assets/images/project/projectSettings.png" alt="Project settings">
+    </a>
+    <figcaption>Project Settings</figcaption>
+  </figure>
+
+!!! warning 
+    Deleting a project will delete all the datasets, features and jobs owned by the project.
+