website/integrations: vault: add external group documentation

[mzhaase]

Details

This PR changes the documentation page https://docs.goauthentik.io/integrations/services/hashicorp-vault/.
It adds more in-depth explanation on how to integrate authentik with hashicorp vault when wanting to use external groups.

---

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	37a5e34
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/67333efa94232800073bfc6b
😎 Deploy Preview	https://deploy-preview-11994--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	37a5e34
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/67333efa73d5b10008a4a70d

[tanberry]

Suggested change

	If you wish to manage group membership in vault via Authentik you have to use [external groups](https://developer.hashicorp.com/vault/tutorials/auth-methods/oidc-auth#create-an-external-vault-group).
	If you wish to manage group membership in Hashicorp Vault via Authentik you have to use [external groups](https://developer.hashicorp.com/vault/tutorials/auth-methods/oidc-auth#create-an-external-vault-group).

[tanberry]

Does one no longer need to use the oidc_scopes option at all?

[tanberry]

Suggested change

	In authentik, edit the oidc provider created above. Unser "Advanced protocol settings" add "authentik default OAuth Mapping: OpenID 'profile'". This includes the "groups" mapping.
	In authentik, edit the OIDC provider created above. Unser **Advanced protocol settings** add `authentik default OAuth Mapping: OpenID 'profile'` This includes the groups mapping.

[tanberry]

Suggested change

	In hashicorp vault, change the reader role
	In Vault, change the reader role to have the following settings:

[tanberry]

Suggested change

	Add a group
	Add a group.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.56%. Comparing base (b2c9dff) to head (42f7e36).

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #11994      +/-   ##
==========================================
- Coverage   92.58%   92.56%   -0.02%     
==========================================
  Files         761      761              
  Lines       37822    37822              
==========================================
- Hits        35016    35009       -7     
- Misses       2806     2813       +7     

Flag	Coverage Δ
e2e	49.15% <ø> (-0.06%)	⬇️
integration	24.91% <ø> (ø)
unit	90.15% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[tanberry]

Suggested change

	Get the canonical id of the group
	Get the canonical ID of the group.

[tanberry]

If this is the canonical ID, let's add this full name: vault_identity_group

[tanberry]

Suggested change

	Get the id of the oidc accessor
	Get the ID of the OIDC accessor.

[tanberry]

Suggested change

	Add a group alias, this maps the group to the oidc backend
	Add a group alias; this alias maps the group to the OIDC backend.

[tanberry]

Can you add a period at end of this sentence, please?

[tanberry]

Thanks so much for adding this additional, important info! A couple of edits and suggestions, then let's git it merged! Thanks again.

[tanberry]

You might need to run npm prettier or make website and then push again, @mzhaase ... the linter is failing on the build. ;-(

[mzhaase]

I implemented the changes in a new commit.