From 70f1c05e55e1a027fb5d3972f9b6bf5f7450984c Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:01:42 +0000 Subject: [PATCH] Update README.md --- .github/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/README.md b/.github/README.md index afe14132d..e67a41ae1 100644 --- a/.github/README.md +++ b/.github/README.md @@ -363,6 +363,7 @@ To view the intranet content, visitors must meet one of the following criteria. - Be in an Allow List of IP ranges. - Or, have a Microsoft Azure account, within the organisation. +- Or, in the case of the intranet-archive scraper, have a valid JWT token. The visitor's IP is checked first, then if that check fails, they are redirected to the project's Entra application. @@ -546,6 +547,14 @@ This is for 2 reasons: - It will keep the OAuth session fresh, the endpoint handler will refresh OAuth tokens, and update JWTs before they expire. - If a visitor's state has changed, e.g. they have moved from an office with an allowed IP, then their browser content is blurred and they are prompted to refresh the page. +### Access for the Intranet Archive service. + +The intranet-archive service is a scraper that collects content from the intranet for archiving purposes. + +It is granted access via a JWT token, which is generated manually by running the `wp gen-jwt intranet-archive` command from an fpm container. + +The cookie has a role of `intranet-archive`. For this roll to be granted access to the intranet, the request IP must be one of Cloud Platform's egress IPs. + [License Link]: https://github.com/ministryofjustice/intranet/blob/main/LICENSE 'License.'
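Review bot: In the first hunk (@@ -363,6 +363,7), the new bullet "have a valid JWT token" reads as a standalone access criterion, but the section added in the second hunk says the `intranet-archive` role is only granted when the request IP is one of Cloud Platform's egress IPs. Suggest stating both conditions in the bullet, for example "have a valid JWT with the `intranet-archive` role, sent from one of Cloud Platform's egress IPs", so the list does not overstate what the token alone allows. The unchanged sentence after the list ("The visitor's IP is checked first, then if that check fails, they are redirected to the project's Entra application") does not say where the JWT check sits in that order; a clause there would help. Style: "JWT token" is redundant, "JWT" is enough.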
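Review bot: In the second hunk (@@ -546,6 +547,14), the new "Access for the Intranet Archive service" section says the token is "generated manually" with `wp gen-jwt intranet-archive` but does not document its lifetime, how it is rotated or revoked, or where the scraper is expected to store it. The context lines just above describe the endpoint handler updating JWTs before they expire, and it is not stated whether that applies to this token. Suggest adding a sentence on expiry and rotation. The last paragraph also switches from "JWT token" to "The cookie" without saying the JWT is delivered as a cookie, and "For this roll to be granted access" should read "role". The heading ends with a full stop, which can be dropped.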