website/integrations: minio: configure openid on web (#9874)

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>

website/integrations/services/minio/index.md

@@ -21,7 +21,7 @@ The following placeholders will be used:
 
 The primary way to manage access in MinIO is via [policies](https://min.io/docs/minio/linux/administration/identity-access-management/policy-based-access-control.html#minio-policy). We need to configure authentik to return a list of which MinIO policies should be applied to a user.
 
-Under _Customization_ -> _Property Mappings_, create a _Scope Mapping_. Give it a name like "OIDC-Scope-minio". Set the scope name to `minio` and the expression to the following
+Create a Scope Mapping: in the authentik Admin interface, navigate to **Customization -> Property Mappings**, click **Create**, and then select **Scope Mapping**. Give the property mapping a name like "OIDC-Scope-minio". Set the scope name to `minio` and the **Expression** to the following:
 
 ```python
 return {
@@ -29,7 +29,7 @@ return {
 }
 ```
 
-This mapping will result in the default MinIO `readwrite` policy being applied to all users. If you want to create a more granular mapping based on authentik groups, use an expression like this
+This mapping applies the default MinIO `readwrite` policy to all users. If you want to create a more granular mapping based on authentik groups, use an expression like this:
 
 ```python
 if ak_is_group_member(request.user, name="Minio admins"):
@@ -47,22 +47,45 @@ Note that you can assign multiple policies to a user by returning a list, and re
 
 ### Creating application and provider
 
-Create an application in authentik. Create an _OAuth2/OpenID Provider_ with the following parameters:
+Create an application in authentik. Create an OAuth2/OpenID provider with the following parameters:
 
 -   Client Type: `Confidential`
--   Scopes: OpenID, Email, Profile and the scope you created above
+-   Scopes: OpenID, Email, Profile, and the scope you created above
 -   Signing Key: Select any available key
 -   Redirect URIs: `https://minio.company/oauth_callback`
 
+Set the scope of the MinIO scope mapping that you created in the provider (previous step) in the **Advanced** area under **Protocol Settings -> Scopes**.
+
 Note the Client ID and Client Secret values. Create an application, using the provider you've created above. Note the slug of the application you've created.
 
-## MinIO
+## MinIO configuration
+
+You can set up OpenID in two different ways: via the web interface or the command line.
+
+### Web Interface
+
+From the sidebar of the main page, go to **Identity -> OpenID**, click **Create**, and then define the configuration as follows:
+
+-   Name: MinIO
+-   Config URL: `https://minio.company/application/o/<minio slug>/.well-known/openid-configuration`
+-   Client ID: Your client ID from the previous step
+-   Client Secret: Your client secret from the previous step
+-   Scopes: `openid, email, profile, minio`
+-   Redirect URI: `https://minio.company/oauth_callback`
+
+Finally, click **Save** and follow the instructions in the popup to restart your instance.
+
+### Command Line
+
+You must install the MinIO binaries from [here](https://min.io/docs/minio/linux/reference/minio-mc.html). You then need to create an alias for your instance using: `mc alias set myminio https://minio.company <access key> <secret key>`. You can follow [this StackOverflow answer](https://stackoverflow.com/a/77645374) to create a secret key and access key.
+
+After that is done, run the following command to configure the OpenID provider:
 
 ```
 ~ mc admin config set myminio identity_openid \
-  config_url="https://authentik.company/application/o/<applicaiton-slug>/.well-known/openid-configuration" \
+  config_url="https://authentik.company/application/o/<minio slug>/.well-known/openid-configuration" \
-  client_id="<client id from above>" \
+  client_id="<client id>" \
-  client_secret="<client secret from above>" \
+  client_secret="<client secret>" \
   scopes="openid,profile,email,minio"
 ```