Enhance the explanation for the group filter

1. Fix goharbor/harbor#19419 Signed-off-by: AllForNothing <sshijun@vmware.com>
goharbor · Oct 26, 2023 · e4e39cd · e4e39cd
1 parent c668d0f
commit e4e39cd
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/docs/administration/configure-authentication/oidc-auth.md b/docs/administration/configure-authentication/oidc-auth.md
@@ -30,15 +30,15 @@ Before configuring an OIDC provider in Harbor, make sure that your provider is c
 
    ![LDAP authentication](../../../img/select-oidc-auth.png)
 1. Enter information about your OIDC provider.   
-   - **Primary Auth Mode**: Whether to use the OIDC mode as the primary auth mode. 
-     {{< note >}}
-     To override and login via DB is possible when visiting the URL '/account/sign-in' explicitly
-     {{< /note >}}
+   - **Primary Auth Mode**: Whether to use the OIDC mode as the primary auth mode.
+{{< note >}}
+To override and login via DB is possible when visiting the URL '/account/sign-in' explicitly
+{{< /note >}}   
    - **OIDC Provider Name**: The name of the OIDC provider.
    - **OIDC Provider Endpoint**: The URL of the endpoint of the OIDC provider.
    - **OIDC Client ID**: The client ID with which Harbor is registered as  client application with the OIDC provider.
    - **OIDC Client Secret**: The secret for the Harbor client application.
-   - **OIDC Group Filter**: The [regular expression](https://pkg.go.dev/regexp/syntax) to filter OIDC groups.Only the groups that match the provided regular express will be added to Harbor.
+   - **OIDC Group Filter**: The [regular expression](https://pkg.go.dev/regexp/syntax) to filter OIDC groups.Only the groups that match the provided regular express will be added to Harbor. It only filter the groups, doesn’t limit the users login to Harbor.
    - **Group Claim Name**: The name of a custom group claim that you have configured in your OIDC provider, that includes the groups to add to Harbor.
    - **OIDC Admin Group**: The name of the admin group, if the ID token of the user shows that he is a member of this group, the user will have admin
      privilege in Harbor. **Note**: You can only set one Admin Group.  Please also make sure the value in this field matches the value of group item in ID token.