docs: motd and self-hosted db ca updates

gravitational · Dec 3, 2024 · 493f0f4 · 493f0f4
1 parent 7438468
commit 493f0f4
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 2 deletions.
diff --git a/docs/pages/includes/database-access/self-hosted-introduction.mdx b/docs/pages/includes/database-access/self-hosted-introduction.mdx
@@ -5,14 +5,14 @@ system](../../enroll-resources/database-access/rbac.mdx).
 
 The Teleport Database Service proxies traffic from database clients to
 self-hosted databases in your infrastructure. Teleport maintains a certificate
-authority for database clients. You configure your database to trust the
+authority (CA) for database clients. You configure your database to trust the
 Teleport database client CA, and the Teleport Database Service presents
 certificates signed by this CA when proxying user traffic. With this setup,
 there is no need to store long-lived credentials for self-hosted databases.
 
 Meanwhile, the Teleport Database Service verifies self-hosted databases by
 checking their TLS certificates against either the Teleport database CA or a
-custom CA chosen by the user.
+custom CA used with the database.
 
 In this guide, you will:
 

diff --git a/docs/pages/reference/access-controls/authentication.mdx b/docs/pages/reference/access-controls/authentication.mdx
@@ -275,3 +275,49 @@ See [GitHub OAuth 2.0](../../admin-guides/access-controls/sso/github-sso.mdx) fo
 
 </TabItem>
 </Tabs>
+
+## Require displaying a message of the day
+
+Teleport can display a custom message of the day (MOTD) for users prior to authenticating
+in the Teleport Web UI and CLI.
+
+### Self-Hosted
+
+Add the following to your Teleport configuration file, which is stored in
+`/etc/teleport.yaml` by default.
+
+```yaml
+auth_service:
+  message_of_the_day: |
+    Welcome to the Example Teleport Cluster
+    All activity is monitored and should follow organization policies
+```
+
+Restart the Teleport Auth Service instances to apply this change.
+
+### Teleport Enterprise Cloud/Dynamic
+
+Edit your `cluster_auth_preference` resource:
+
+```code
+$ tctl edit cap
+```
+
+Ensure that the resource includes the `message_of_the_day` field:
+
+```yaml
+kind: cluster_auth_preference
+metadata:
+  name: cluster-auth-preference
+spec:
+  message_of_the_day: |
+    Welcome to the Example Teleport Cluster
+    All activity is monitored and should follow organization policies
+  type: local
+  second_factor: "on"
+  webauthn:
+    rp_id: example.teleport.sh
+version: v2
+```
+
+Save and close the file in your editor to apply changes.