docs: update user onboarding guide

README.md

@@ -55,7 +55,7 @@ More information can be found in [the roadmap](#roadmap) below.
 - [x] Support multiple environments (dev, prod)
 - [ ] Monitoring and alerting 🚧
 - [ ] Automated offsite backups 🚧
-- [ ] Single sign-on 🚧
+- [x] Single sign-on
 - [x] Infrastructure testing
 
 Some demo videos and screenshots are shown here.
@@ -165,6 +165,11 @@ They can't capture all the project's features, but they are sufficient to get a
         <td><a href="https://k3s.io">K3s</a></td>
         <td>Lightweight distribution of Kubernetes</td>
     </tr>
+    <tr>
+        <td><img width="32" src="https://kanidm.com/images/logo.svg"></td>
+        <td><a href="https://kanidm.com">Kanidm</a></td>
+        <td>Modern and simple identity management platform</td>
+    </tr>
     <tr>
         <td><img width="32" src="https://avatars.githubusercontent.com/u/13629408"></td>
         <td><a href="https://kubernetes.io">Kubernetes</a></td>

docs/getting-started/user-onboarding.md

@@ -24,19 +24,13 @@
 
 === "For admin"
 
-    ## Create a new account
+    Run the following script:
 
-    TODO
+    ```sh
+    ./script/onboard-user exampleuser "Example User" "user@example.com"
+    ```
 
-    ## Send initial password
-
-    Choose one of the methods listed below to send the initial password to the user:
-
-    - Share via password manager (if supported)
-    - Encrypt the password file and send it via email or chat
-    - Simply write or print the password on a piece of paper
-
-    On the first login, the user will be required to update their password.
+    Let the user scan the QR code or follow the link to set up passkeys or password + TOTP.
 
 ## Appendix
 

docs/reference/roadmap.md

@@ -23,7 +23,7 @@ Good enough for tinkering and personal usage, and reasonably secure.
     - [x] Monitoring
     - [x] Logging
     - [ ] Alerting
-- [ ] SSO
+- [x] SSO
 - [ ] Reasonably secure
     - [x] Automated certificate management
     - [x] Declarative secret management