Document the steps for using custom CA (#3338)

* docs: Document the steps for using custom CA

* chore: Trigger build

* Optimised images with calibre/image-actions

* chore: Fix image format

* docs: Add a note about HTTPS and TLS to the custom CA topic

---------

Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>

docs/docs-content/user-management/saml-sso/palette-sso-with-custom-ca.md

@@ -0,0 +1,58 @@
+---
+sidebar_label: "Palette SSO with Custom CA"
+title: "Enable SSO with a Custom Certificate Authority"
+description: "Learn how to set up Palette SSO with Microsoft Entra ID"
+hide_table_of_contents: false
+sidebar_position: 130
+hiddenFromNav: false
+tags: ["user-management", "oidc-sso", "custom-ca", "rbac"]
+---
+
+A custom Certificate Authority (CA) refers to a certificate authority that is not part of the standard public CA
+ecosystem but is instead managed internally within an organization. This guide explains how you can enable Palette SSO
+with a custom CA certificate.
+
+## Prerequisites
+
+:::info
+
+For an SSO provider to work correctly with Palette, you must enable HTTPS and configure TLS.
+
+:::
+
+- Palette account with Tenant Admin access.
+
+- Existing SSO configuration with an SSO provider supported in Palette. Refer to [SAML and OIDC SSO Setup](saml-sso.md)
+  for links to provider-specific guides.
+
+- Custom CA x509 certificate in the Privacy-Enhanced Mail (PEM) format issued by the SSO provider configured in Palette.
+
+## Enable SSO with Custom CA
+
+1. Log in to [Palette](https://console.spectrocloud.com) as a Tenant Admin.
+
+2. From the left **Main Menu**, select **Tenant Settings**.
+
+3. From the **Tenant Menu**, select **SSO** and, on the **Configure** tab, under **SSO Auth type**, select **OIDC**.
+
+4. In the **Identity Provider CA Certificate** field, enter your custom CA x509 certificate in the PEM format.
+
+   ![Palette that displays the OIDC configuration under SSO settings in the Tenant Settings menu. The Custom CA Certification field is highlighted.](/user-management_saml-sso_palette-sso-with-custom-ca_enter-cert.webp)
+
+5. Optionally, select the **Insecure Skip TLS Verify** checkbox to skip the TLS verification.
+
+   :::info
+
+   You cannot skip TLS verification for Palette VerteX instances. With Palette VerteX, you must provide a valid custom
+   CA certificate.
+
+   :::
+
+6. At the bottom of the page, select **Enable** and, in the **Cluster Update Confirmation** modal, select **Continue**
+   to confirm your changes.
+
+## Validate
+
+1. Log in to [Palette](https://console.spectrocloud.com) and follow the steps to sign in with your SSO provider.
+
+2. If you have successfully logged in to Palette, then the custom CA certificate works as expected.

docs/docs-content/user-management/saml-sso/saml-sso.md

@@ -32,4 +32,6 @@ Check out the following resources to enable SSO in Palette with the supported Id
 
 - [Palette SSO with Keycloak](palette-sso-with-keycloak.md)
 
-- [Palette SSO with Microsoft Entra ID](./palette-sso-with-entra-id.md)
+- [Palette SSO with Microsoft Entra ID](palette-sso-with-entra-id.md)
+
+- [Palette SSO with Custom CA](palette-sso-with-custom-ca.md)