chore: show password dashboard on none authtype and docs change

[roroghost17]

Summary

Fixes the password section visibility logic in the Security view so that enterprise users who authenticate via password (rather than SSO) can still access and configure the password settings. Previously, the check required the auth type to explicitly equal "password", which would hide the section for any non-"password" enterprise auth type. The new check hides the section only when SSO is active.

Also removes an outdated note from the auth setup documentation that incorrectly stated basic authentication was only available in OSS builds.

Changes

• Updated showPasswordSection condition in securityView.tsx to use authType?.type !== "sso" instead of authType?.type === "password", allowing enterprise users with password-based auth to see the password configuration section
• Removed the OSS-only note from setting-up-auth.mdx that no longer accurately reflects feature availability

Type of change

• Bug fix
• Feature
• Refactor
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (React)
• Docs

How to test

1. Run Bifrost in enterprise mode with password-based authentication configured
2. Navigate to the Security settings view
3. Verify the password configuration section is visible
4. Switch to SSO-based authentication and confirm the password section is hidden

cd ui
pnpm i || npm i
pnpm build || npm run build

Breaking changes

• Yes
• No

Related issues

Security considerations

No new security implications. This change restores access to password configuration for enterprise users who are not using SSO.

Checklist

• I read docs/contributing/README.md and followed the guidelines
• I added/updated tests where appropriate
• I updated documentation where needed
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2f3f2618-af38-4c13-8557-4bb1ae1151e3

📥 Commits

Reviewing files that changed from the base of the PR and between 943ee4b and 38d21fc.

📒 Files selected for processing (2)

• docs/quickstart/gateway/setting-up-auth.mdx
• ui/app/workspace/config/views/securityView.tsx

💤 Files with no reviewable changes (1)

• docs/quickstart/gateway/setting-up-auth.mdx

---

📝 Walkthrough

Summary by CodeRabbit

• Documentation

  • Simplified authentication setup guide.

• Bug Fixes

  • Password protection dashboard option now accessible for enterprise deployments across additional authentication configurations.

Walkthrough

This PR removes an introductory notice from authentication documentation that referenced OSS limitations, and updates enterprise dashboard logic to display the password protection section for all non-SSO authentication types instead of only explicit "password" type.

Changes

Cohort / File(s)	Summary
Documentation docs/quickstart/gateway/setting-up-auth.mdx	Removed OSS-specific authentication limitation notice; setup instructions remain intact.
Enterprise Auth UI ui/app/workspace/config/views/securityView.tsx	Modified password section gating logic to show "Password protect the dashboard" for enterprise when auth type is not "sso", expanding display conditions beyond explicit "password" type.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A hop and a bound through auth's domain,
OSS walls fall, restrictions wane!
Dashboard guards now wider wake,
When SSO's not the path we take—
Security grows with cleaner sight! 🔐

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title partially describes the main changes but is somewhat vague; 'chore' and 'none authtype' lack clarity for scanning history.	Consider revising to 'fix: show password settings for non-SSO enterprise users' to better convey the primary bug fix.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description is comprehensive with all major sections completed, clearly explaining the bug fix and documentation update.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 04-29-chore_show_password_dashboard_on_none_authtype_and_docs_change

---

_{Review rate limit: 4/5 reviews remaining, refill in 12 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[roroghost17]

• chore: show password dashboard on none authtype and docs change #3124 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

🧪 Test Suite Available

This PR can be tested by a repository admin.

Run tests for PR #3124

[greptile-apps]

Confidence Score: 5/5

Safe to merge — targeted, well-scoped fix with no breaking changes or security implications.

Both changes are minimal and correct: the boolean inversion aligns visibility with the described intent (hide only on SSO), and the surrounding guard clauses (authTypeLoading, authTypeError) remain intact. No new logic paths, no data mutations, and the docs removal reflects a factual correction.

No files require special attention.

Important Files Changed

Filename	Overview
ui/app/workspace/config/views/securityView.tsx	One-line logic fix: authType?.type !== "sso" replaces authType?.type === "password" so enterprise users with non-SSO auth (including undefined/unconfigured auth type) see the password section.
docs/quickstart/gateway/setting-up-auth.mdx	Removes an outdated OSS-only note from the auth setup docs that no longer accurately reflects feature availability.

_{Reviews (1): Last reviewed commit: "chore: show password dashboard on none a..." | Re-trigger Greptile}

[akshaydeo]

Merge activity

• Apr 29, 6:01 AM UTC: A user started a stack merge that includes this pull request via Graphite.
• Apr 29, 6:01 AM UTC: @akshaydeo merged this pull request with Graphite.