From 8611f682d444dad173d18fb4e492ca7bf56ad540 Mon Sep 17 00:00:00 2001
From: Mark Phelps <209477+markphelps@users.noreply.github.com>
Date: Sun, 24 Mar 2024 11:06:03 -0400
Subject: [PATCH] chore: document allowed teams

---
 configuration/authentication.mdx | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/configuration/authentication.mdx b/configuration/authentication.mdx
index 9d6f590f..cb06ee9a 100644
--- a/configuration/authentication.mdx
+++ b/configuration/authentication.mdx
@@ -320,6 +320,34 @@ authentication:
   the user is a member of.
 </Note>
 
+#### Allowed Teams
+
+As of version [1.39.0](https://github.com/flipt-io/flipt/releases/tag/v1.39.0) of Flipt, the GitHub authentication method also supports the ability to restrict access to a set of GitHub teams. This is important if you want to limit access to Flipt to only members of a specific team within an organization as opposed to all members of the organization.
+
+To enable this feature, set the `github.allowed_teams` configuration value to a list of GitHub teams within existing allowed organizations. For example:
+
+```yaml config.yaml
+authentication:
+  methods:
+    github:
+      enabled: true
+      scopes:
+        - read:org
+      allowed_organizations:
+        - my-org
+        - my-other-org
+      allowed_teams:
+        my-org:
+          - my-team
+        my-other-org:
+          - my-other-team
+```
+
+<Note>
+  The organizations to check for team membership must be included in the
+  `allowed_organizations` list.
+</Note>
+
 ### Kubernetes
 
 The `kubernetes` method provides the ability to exchange Kubernetes service account tokens for client tokens.