FriendlyCaptcha
diff --git a/‎docs/enterprise/compliance-plus-add-on/audit-logs.md‎
Lines changed: 66 additions & 0 deletions b/‎docs/enterprise/compliance-plus-add-on/audit-logs.md‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎docs/enterprise/compliance-plus-add-on/enhanced-access-control.md‎
Lines changed: 154 additions & 0 deletions b/‎docs/enterprise/compliance-plus-add-on/enhanced-access-control.md‎
Lines changed: 154 additions & 0 deletions
diff --git a/‎docs/enterprise/compliance-plus-add-on/index.md‎
Lines changed: 12 additions & 0 deletions b/‎docs/enterprise/compliance-plus-add-on/index.md‎
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,66 @@
+# Audit Logs
+
+:::info
+
+The Audit Logs feature is part of the [**Compliance+ Add-On**](../compliance-plus-add-on/).
+
+:::
+
+The Audit Logs feature provides comprehensive tracking of changes made by you and your team members within your organization's Friendly Captcha dashboard. This lets you keep track of what changes were made, when those changes were made, and by which user. The activity trail created by the Audit Logs feature is persistent and cannot be modified, so it can help you to satisfy enterprise compliance requirements and can help with security investigations.
+
+Audit Logs are particularly useful when many different team members have access to make changes on your organization's Friendly Captcha dashboard. Audit Logs include activity like creating, modifying or deleting *Applications*, creating or deleting *API keys*, inviting users, and so on. When you combine Audit Logs with [Enhanced Access Control](./enhanced-access-control), you will have tight control over security and have full oversight of changes that are made.
+
+This page shows you how you and your team members can use Audit Logs in the Friendly Captcha Dashboard. If you have any trouble, please do [contact support](https://friendlycaptcha.com/support/) and we'd be more than happy to help!
+
+## Enabling Audit Logs
+
+Audit Logs are enabled by default for all customers with the [**Compliance+ Add-On**](../compliance-plus-add-on/).
+
+## Using Audit Logs
+
+### Overview
+
+In the [Friendly Captcha Dashboard](https://app.friendlycaptcha.com/dashboard), navigate to the **Audit Logs** page. It looks like this:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/audit-logs.png" alt="Screenshot of Audit Logs" />
+    <figcaption><i>Screenshot of Audit Logs</i></figcaption>
+</figure>
+
+There are three columns:
+
+- *Description*: A summary of what changed.
+- *Actor*: The display name of the user that made this change.
+- *Timestamp*: The date and time of the change.
+
+### Showing further details
+
+You can click on an item to show more detailed information. In the screenshot below, the first item in the list is expanded:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/audit-logs-detail.png" alt="Screenshot of the details for an Audit Logs entry" />
+    <figcaption><i>Screenshot of the details for an Audit Logs entry</i></figcaption>
+</figure>
+
+The details for every event will always include these two fields:
+
+- *Actor*: The user that made this change.
+- *Resource*: The resource that the change relates to (e.g. an *Application*, *API Key*, *Widget Theme*, etc).
+
+For some events, the details will also show the value before and after the change:
+
+- The old value *before* the change is shown by the line starting with a `-` symbol and is highlighted in red.
+- The new value *after* the change is shown by the line starting with a `+` symbol and is highlighted in green.
+
+### Selecting a date range
+
+If you want to view activity for a particular time period, click the date selector:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/audit-logs-date.png" alt="Screenshot of Audit Logs date selector" />
+    <figcaption><i>Screenshot of Audit Logs date selector</i></figcaption>
+</figure>
+
+## Controlling who can view Audit Logs
+
+Due to the sensitive nature of Audit Logs, only the user with the *Owner* role can view Audit Logs.
@@ -0,0 +1,154 @@
+# Enhanced Access Control
+
+:::info
+
+The Enhanced Access Control feature is part of the [**Compliance+ Add-On**](../compliance-plus-add-on/).
+
+:::
+
+The Enhanced Access Control feature gives you fine-grained access control over what each of your team members can view or modify within your organization's Friendly Captcha dashboard. This allows you to implement the principle of least-privilege by granting team members only the minimum permissions they need to perform their duties. You can create roles tailored to your organization's structure, such as view-only auditors, billing administrators, or developers with access to only specific *Applications*. This can help you to satisfy security best practices and enterprise compliance requirements.
+
+For many organizations, tightly controlling access and keeping an audit log of changes are critical components of cybersecurity and compliance. Enhanced Access Control combines well with the [Audit Logs](./audit-logs) feature to help you satisfy these requirements.
+
+Additionally, if you are using our [Single Sign-On (SSO)](./single-sign-on) feature to leverage your organization's existing identity provider for authentication, you can use Enhanced Access Control to create a *Default Role* with minimal (or even zero) permissions so that any team member logging in for the first time using SSO won't have more access than you intended.
+
+## Features
+
+### App Groups
+
+If you have many *Applications* configured in the Friendly Captcha Dashboard, you may want some team members to only have access to a specific set of applications. To make this easier, you can create an *App Group* with one or more *Applications*, and then create a *Custom Role* that has view or edit permissions for this *App Group*.
+
+### Custom Roles
+
+There are three default roles:
+
+- *Member*: This role can manage *Applications*, *API Keys*, and *Widget Themes*.
+- *Admin*: This role is like *Member*, but can also send invites to new users.
+- *Owner*: This role has maximum access, including deleting *Members* or changing their role, configuring [Single Sign-On](./single-sign-on), and viewing [Audit Logs](./audit-logs).
+
+If you have many team members that have access to your organization's Friendly Captcha Dashboard, you may want to have more fine-grained access control. Custom Roles lets you create new roles that have exactly the permissions you want, such as read-only access, or edit access to only one specific *App Group*.
+
+## Enabling Enhanced Access Control
+
+Enhanced Access Control is enabled by default for all customers with the [**Compliance+ Add-On**](../compliance-plus-add-on/).
+
+## Managing Enhanced Access Control
+
+In the [Friendly Captcha Dashboard](https://app.friendlycaptcha.com/dashboard), navigate to the **Settings** page and find the **App Groups** and **Custom Roles** sections. They look like this:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/app-groups-and-custom-roles-settings.png" alt="Screenshot of App Groups and Custom Roles settings" />
+    <figcaption><i>Screenshot of App Groups and Custom Roles settings</i></figcaption>
+</figure>
+
+### App Groups
+
+:::info
+
+There is a built-in App Group called **Default**. If you haven't created any additional App Groups yet, all of your *Applications* belong to the **Default** App Group.
+
+:::
+
+To add a new App Group, type a suitable name into the input box and click the *Add App Group* button:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/app-groups-add.png" alt="Screenshot of adding a new App Group" />
+    <figcaption><i>Screenshot of adding a new App Group</i></figcaption>
+</figure>
+
+Your new App Group should now be visible in the list of App Groups:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/app-groups-created.png" alt="Screenshot of the new App Group" />
+    <figcaption><i>Screenshot of the new App Group</i></figcaption>
+</figure>
+
+To assign an Application to your new App Group, navigate to the *Applications* page to see your list of Applications. Click the *Manage* button for the Application you want to assign. You should see a page like this:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/app-groups-manage-app.png" alt="Screenshot of the Manage App page" />
+    <figcaption><i>Screenshot of the Manage App page</i></figcaption>
+</figure>
+
+Click the *App Group* drop-down menu and select your new App Group, then click the *Save changes* button. You can repeat this step for any other Applications that you want to put into this App Group.
+
+Go back to the main *Applications* page to see your list of Applications. You can now see the name of the App Group in the details of each Application:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/app-groups-applications.png" alt="Screenshot of the Applications page" />
+    <figcaption><i>Screenshot of the Applications page</i></figcaption>
+</figure>
+
+:::info
+
+You cannot delete an App Group that still has Applications assigned to it. To delete an App Group, you first need to assign all of the Applications that are in that App Group to a different App Group.
+
+:::
+
+### Custom Roles
+
+To add a new Custom Role, click the *Add custom role* button:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/custom-roles-add.png" alt="Screenshot of Add Custom Role button" />
+    <figcaption><i>Screenshot of the Add Custom Role button</i></figcaption>
+</figure>
+
+You will be taken to a page where you can configure your new Custom Role:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/custom-roles-form.png" alt="Screenshot of the Add Custom Role form" />
+    <figcaption><i>Screenshot of the Add Custom Role form</i></figcaption>
+</figure>
+
+The form has these fields:
+
+- **Role Name**: The name for your new Custom Role.
+- **Account Permissions**: These are broad permissions that you can grant to this Custom Role. You might for example give the `Manage Billing` permission to a Custom Role designed for your finance team, but give them no other permissions.
+- **All Apps Permissions**: The permission level you set here will be granted to this Custom Role across all Applications. These are the available choices:
+    - *Manage*: View, create, update, or delete Applications.
+    - *Edit*: View or update Applications.
+    - *View*: View all Applications.
+    - *None*: Cannot view any Applications.
+- **App Group Permissions**: Here you can grant permissions to one or more specific App Groups. The permission levels (i.e. *Manage*, *Edit*, *View*) behave the same as for *All Apps Permissions* described above.
+
+In the example below, we will create a Custom Role that can *Manage Widget Themes*, *Manage API Keys*, has the *View* permission level for all Applications, and the *Manage* permission level for Applications in one specific App Group:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/custom-roles-form-completed.png" alt="Screenshot of the completed Custom Role form" />
+    <figcaption><i>Screenshot of the completed Custom Role form</i></figcaption>
+</figure>
+
+:::tip
+
+**All Apps Permissions** takes precedence over **App Group Permissions**. It behaves like the default permission level across all *App Groups*. You can then use **App Group Permissions** to grant increased permissions to a specific *App Group*.
+
+You cannot use **App Group Permissions** to restrict permissions below the level of permissions granted by **All Apps Permissions**. If you try to do this, the dashboard will display an error message.
+
+:::
+
+Click the *Save Changes* button when you are done. You will be taken back to the main *Settings* page, where you can see your new Custom Role:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/custom-roles-created.png" alt="Screenshot of the new Custom Role" />
+    <figcaption><i>Screenshot of the new Custom Role</i></figcaption>
+</figure>
+
+You can now assign specific users to your new Custom Role. In the *Settings* page, scroll to the *Members* section, click the *Role* drop-down menu next to the desired user, and select your new Custom Role:
+
+<figure style={{ textAlign: 'center' }}>
+    <img src="/img/custom-roles-assign.png" alt="Screenshot of assigning a Custom Role to a user" />
+    <figcaption><i>Screenshot of assigning a Custom Role to a user</i></figcaption>
+</figure>
+
+:::tip
+
+When inviting a new user, you have to select a role for them when sending the invite. The choice of roles includes any Custom Roles you have created.
+
+:::
+
+:::info
+
+You cannot delete a Custom Role that still has users assigned to it. To delete a Custom Role, you first need to assign all of the users with that role to a different role.
+
+:::
@@ -0,0 +1,12 @@
+# Compliance+ Add-On
+
+The Friendly Captcha Compliance+ Add-On is an optional extra on the [Enterprise plan](../../enterprise/). It is tailor-made to help you **reduce compliance effort and risk**.
+
+The core features of the Compliance+ Add-On include:
+
+- [Single Sign-On (SSO)](./single-sign-on)
+    - Bring your own identity provider to manage authentication to the Friendly Captcha dashboard.
+- [Enhanced Access Control](./enhanced-access-control)
+    - Precise control over what each user can view or modify in the Friendly Captcha dashboard.
+- [Audit Logs](./audit-logs)
+    - Persistent records of actions and changes made by users in your Friendly Captcha dashboard.