From c22ef80a1e6306c28a55258a1b36f277de47b305 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Fri, 17 Apr 2015 17:41:56 -0700
Subject: [PATCH] website: auth backends

---
 website/source/docs/auth/index.html.md | 40 ++++++++++++++++++++++++++
 website/source/layouts/docs.erb        | 19 ++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 website/source/docs/auth/index.html.md

diff --git a/website/source/docs/auth/index.html.md b/website/source/docs/auth/index.html.md
new file mode 100644
index 0000000000..d20e555eea
--- /dev/null
+++ b/website/source/docs/auth/index.html.md
@@ -0,0 +1,40 @@
+---
+layout: "docs"
+page_title: "Auth Backends"
+sidebar_current: "docs-auth"
+description: |-
+  Auth backends are mountable backends that perform authentication for Vault.
+---
+
+# Auth Backends
+
+Auth backends are the components in Vault that perform authentication
+and are responsible for assigning identity and a set of policies to a
+user.
+
+Having multiple auth backends enables you to use an auth backend
+that makes the sense for your use case of Vault and your organization.
+
+For example, on developer machines, the [GitHub auth backend](/docs/auth/github.html)
+is easiest to use. But for servers the [App ID](/docs/auth/app-id.html)
+backend is the recommended choice.
+
+To learn more about authentication, see the
+[authentication concepts page](/docs/concepts/auth.html).
+
+## Enabling/Disabling Auth Backends
+
+Auth backends can be enabled/disabled using the CLI or the API.
+
+When enabled, auth backends are similar to [secret backends](/docs/secret/index.html):
+they are mounted within the Vault mount table and can be accessed
+and configured using the standard read/write API. The only difference
+is that all auth backends are mounted underneath the `auth/` prefix.
+
+By default, auth backends are mounted to `auth/<type>`. For example,
+if you enable "github", then you can interact with it at `auth/github`.
+However, this path is customizable, allowing users with advanced use
+cases to mount a single auth backend multiple times.
+
+When an auth backend is disabled, all users authenticated via that
+backend are automatically logged out.
diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb
index 802dfc2d76..b43d71de2b 100644
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@@ -81,6 +81,25 @@
 					<a href="/docs/http/index.html">HTTP API</a>
 				</li>
 
+				<hr>
+
+				<li<%= sidebar_current("docs-auth") %>>
+					<a href="/docs/auth/index.html">Auth Backends</a>
+					<ul class="nav">
+						<li<%= sidebar_current("docs-auth-token") %>>
+							<a href="/docs/auth/token.html">Tokens</a>
+						</li>
+
+						<li<%= sidebar_current("docs-auth-github") %>>
+							<a href="/docs/auth/github.html">GitHub</a>
+						</li>
+
+						<li<%= sidebar_current("docs-auth-appid") %>>
+							<a href="/docs/auth/app-id.html">App ID</a>
+						</li>
+					</ul>
+				</li>
+
 				<li<%= sidebar_current("docs-secrets") %>>
 					<a href="/docs/secrets/index.html">Secret Backends</a>
 					<ul class="nav">