Add auth as a service use case (#3386)

astro/src/content/docs/customize/look-and-feel/index.mdx

@@ -4,6 +4,7 @@ description: Learn about theming the FusionAuth hosted login pages.
 section: customize
 subcategory: look and feel
 topOfNav: true
+tags: auth as a service
 ---
 import ListHostedLoginPagesUseCases from 'src/content/docs/_shared/_list-hosted-login-pages-use-cases.mdx';
 import PremiumPlanBlurbApi from 'src/content/docs/_shared/_premium-plan-blurb-api.astro';

astro/src/content/docs/get-started/core-concepts/tenants.mdx

@@ -3,6 +3,7 @@ title: Tenants
 description: An overview of FusionAuth Tenants.
 section: get started
 subcategory: core concepts
+tags: auth as a service
 ---
 import APIBlock from 'src/components/api/APIBlock.astro';
 import APIField from 'src/components/api/APIField.astro';

astro/src/content/docs/get-started/use-cases/auth-service.mdx

@@ -0,0 +1,120 @@
+---
+title: Auth as a Service
+description: Delegate your authentication to FusionAuth.
+section: get started
+subcategory: use cases
+---
+import LoginBefore from 'src/diagrams/quickstarts/login-before.astro';
+import LoginAfter from 'src/diagrams/quickstarts/login-after.astro';
+import AuthServiceDescription from 'src/content/docs/get-started/use-cases/_auth-service-description.mdx';
+import Breadcrumb from 'src/components/Breadcrumb.astro';
+
+## Overview
+
+<AuthServiceDescription />
+
+## Problem 
+
+You have an application that you want to add authentication features to. You also want to safely store users' personal identifiable information and credentials.
+
+## Solution
+
+With the auth as a service use case, after integrating FusionAuth with your application, you can add a variety of authentication and authorization features to your application or applications using configuration rather than coding.
+
+Additionally, as FusionAuth improves in security and functionality, you'll be able to enable the features without any further code changes to your application or applications.
+
+This is an example of [the Local Login and Registration Mode](/docs/lifecycle/authenticate-users/oauth/modes#local-login-and-registration) and is the foundation of most other use cases.
+
+## Prerequisites
+
+You have a running web or mobile application that has some kind of login flow.
+
+You have a FusionAuth instance up and running.
+
+## Example Scenario
+
+Suppose you have an e-commerce store, where people can buy clown costumes. You want to:
+
+* let the user log in easily, using social logins or magic links
+* let the user register
+* enable MFA
+* verify user emails
+
+## Actors/Components
+
+* your user and their client application (mobile app or browser)
+* your application
+* FusionAuth
+
+## Implementation Steps
+
+This is a two step implementation to ensure your customers will always be able to buy clown wigs and red noses. First you need to integrate with FusionAuth, then you need to configure FusionAuth to enable desired features.
+
+Here's a high level sequence diagram of the application login process before you integrate with FusionAuth.
+
+<LoginBefore alt="Your application login flow before FusionAuth." />
+
+Here's a high level sequence diagram of the application login process after FusionAuth integration.
+
+<LoginAfter alt="Your application login flow with FusionAuth." />
+
+### Integrating With FusionAuth
+
+You need to do the following to integrate with FusionAuth:
+
+* Create an application configuration in FusionAuth using the admin UI or the API. This corresponds to your clown goods ecommerce store and tells FusionAuth about the login behaviors you want.
+* Choose an integration method. The right option depends on your applications architecture and technology. You can use an OIDC library, one of the FusionAuth SPA SDKs ([Angular](/docs/sdks/angular-sdk), [React](/docs/sdks/react-sdk), [Vue](/docs/sdks/vue-sdk)) or mobile SDKs ([Android](/docs/sdks/android-sdk), iOS coming soon), or a compatible FusionAuth [client library](/docs/sdks).
+* Configure the integration method. The exact steps will vary, but typically includes the client Id.
+* Update your application and add a link or button to send the user to FusionAuth when they need to log in. The correct URL is displayed in the <Breadcrumb>View</Breadcrumb> screen of the application config or you can build it using the [example authorization code grant](/docs/lifecycle/authenticate-users/oauth/#example-authorization-code-grant) documentation. Some OIDC libraries can generate this URL given a client Id.
+* When your application receives tokens, the user is successfully "logged in". You should ensure that the ecommerce application considers the user logged in. What exactly that means depends on each particular application, but often involves creating a session and storing user data inside of it.
+* Take additional steps such as examining tokens for roles or sending the token to the browser as a cookie. Again, the exact next steps depend on the application.
+
+### Updating FusionAuth Configuration
+
+Now that your application delegates authentication to FusionAuth, additional features can be enabled via configuration. The specific configuration steps depend on the exact feature. You can manage [FusionAuth configuration using IaC or other means](/docs/operate/deploy/configuration-management).
+
+You'll probably want to update the [FusionAuth hosted pages look and feel to match your branding using themes](/docs/customize/look-and-feel/).
+
+## Expected Outcome
+
+You've delegated your application's login functionality to FusionAuth. User profile and credential data is securely stored, and you can enable new functionality through configuration, rather than engineering effort.
+
+## Edge Cases
+
+If you have user data in your application, you'll want to migrate it to FusionAuth. Here's a [helpful migration guide](/docs/lifecycle/migrate-users/general-migration).
+
+In your application, after successful login, validate [the tokens and the claims provided](/articles/tokens/building-a-secure-jwt#consuming-a-jwt) to ensure the token was provided by FusionAuth for your application.
+
+Ensure you modify [the look and feel of the hosted login pages with themes](/docs/customize/look-and-feel/).
+
+{/* TODO link this when data store use case is built out */}
+The hosted login pages give you maximal flexibility around look and feel customization, but constrain your login flow options. If you want to build login workflows with unique requirements, use the [Login API](/docs/apis/login). This is the data store use case. An example custom workflow would be:
+
+* prompt for an invite code and have the user provide a login Id 
+* send the user an MFA challenge
+* present them with a login screen, but only the login Id (email or username)
+* ask for the password on the next page
+
+## Other Example Scenarios
+
+Any application which requires a user to log in to access data or functionality matches this use case. Examples include:
+
+* An online game
+* An AI content editing application
+* A blog
+* A support ticketing system
+* A social network
+
+In each of these cases there's functionality limited to users based on their identity, profile and permissions.
+
+## Additional Documentation
+{/* TODO should update this to point to task based quickstarts, both for MFA and for email verification */ }
+
+* [Enabling Google login](/docs/lifecycle/authenticate-users/identity-providers/social/google)
+* [Enabling SAML Login](/docs/lifecycle/authenticate-users/identity-providers/overview-samlv2)
+* [Email verification tenant settings](/docs/get-started/core-concepts/tenants#email-verification-settings)
+* [MFA guide](/docs/lifecycle/authenticate-users/multi-factor-authentication)
+* [General migration guide](/docs/lifecycle/migrate-users/general-migration)
+* [Basic self-service registration](/docs/lifecycle/register-users/basic-registration-forms)
+* [Theme/look and feel changes](/docs/customize/look-and-feel/)
+

astro/src/content/docs/get-started/use-cases/index.mdx

@@ -1,7 +1,7 @@
 ---
-title: Overview
+title: Use Cases Overview
 topOfNav: true
-description: An overview of FusionAuth Use Cases.
+description: An overview of common FusionAuth Use Cases.
 section: get started
 subcategory: use cases
 ---
@@ -34,7 +34,7 @@ Here's a table of the common use cases. If you have questions, feel free to [con
 
 | I Want To | Use Case Name | Description |
 |------------|------------|------------|
-| Log in to my application using FusionAuth to enable authentication features, such as MFA, to be configured rather than coded. | Auth as a service | <AuthServiceDescription /> |
+| Log in to my application using FusionAuth to enable authentication features, such as MFA, to be configured rather than coded. | [Auth as a service](/docs/get-started/use-cases/auth-service) | <AuthServiceDescription /> |
 | Enable SSO between my applications. | App suite | <AppSuiteDescription /> |
 | Allow my customers to offer access to my software to their customers, who are consumers. | Business to business to consumer (b2b2c) | <B2B2CDescription /> |
 | Allow my customers to offer access to my software to their customers, who are businesses, and their employees. | Business to business to employee (b2b2e) | <B2B2EDescription /> |

astro/src/content/docs/lifecycle/authenticate-users/identity-providers/overview-samlv2.mdx

@@ -5,6 +5,7 @@ navcategory: login-methods
 section: lifecycle
 subcategory: authenticate users
 tertcategory: identity providers
+tags: auth as a service
 ---
 import Aside from 'src/components/Aside.astro';
 import IdpApplicationConfiguration from 'src/content/docs/_shared/_idp-application-configuration.astro';

astro/src/content/docs/lifecycle/authenticate-users/identity-providers/social/google.mdx

@@ -6,6 +6,7 @@ section: lifecycle
 subcategory: authenticate users
 tertcategory: identity providers
 quatercategory: social
+tags: auth as a service
 ---
 import InlineField from 'src/components/InlineField.astro';
 import IdpApplicationConfiguration from 'src/content/docs/_shared/_idp-application-configuration.astro';

astro/src/content/docs/lifecycle/authenticate-users/multi-factor-authentication.mdx

@@ -4,6 +4,7 @@ description: Learn about how to use multi-factor authentication (MFA) in FusionA
 navcategory: developer
 section: lifecycle
 subcategory: authenticate users
+tags: auth as a service
 ---
 import PremiumPlanBlurb from 'src/content/docs/_shared/_premium-plan-blurb.astro';
 import DifferenceTwoFactorMultiFactor from 'src/content/docs/_shared/_difference-two-factor-multi-factor.mdx';

astro/src/content/docs/lifecycle/migrate-users/general-migration.mdx

@@ -3,6 +3,7 @@ title: General Migration Guide
 description: Learn how to migrate your users to FusionAuth.
 section: lifecycle
 subcategory: migrate users
+tags: auth as a service
 ---
 import JSON from 'src/components/JSON.astro';
 import ScrollRef from 'src/components/ScrollRef.astro';

astro/src/content/docs/lifecycle/register-users/basic-registration-forms.mdx

@@ -2,9 +2,9 @@
 title: Self-service Registration
 description: Learn about FusionAuth's Basic Self-service Registration Forms.
 navcategory: getting-started
-
 section: lifecycle
 subcategory: register users
+tags: auth as a service
 ---
 import PremiumPlanBlurb from 'src/content/docs/_shared/_premium-plan-blurb.astro';
 import RegistrationsSelfService from 'src/content/docs/_shared/_registrations-self-service.mdx';