<% url = aac.new_record? ? account_authentication_providers_url(account) :
account_authentication_provider_url(account, aac) %>
<%= form_for(aac,
as: :authentication_provider,
url: url,
html: {
id: "#{aac.new_record? ? 'new' : 'edit'}_#{presenter.id_suffix(aac)}",
class: "ic-Form-group ic-Form-group--horizontal authentication_provider_form"
}) do |f| %>
<%= f.hidden_field :auth_type, value: aac.auth_type, id: nil %>
<%= f.hidden_field :id, id: nil %>
<%= aac.class.display_name %>
<% if !aac.new_record? %>
<%= mt "You can log in directly with this provider by going to %{url}",
url: url_for(presenter.login_url_options(aac)) %>
<% end %>
<%= render partial: "#{aac.auth_type}_fields",
locals: {aac: aac, presenter: presenter, f: f}%>
<% if aac.class.recognized_federated_attributes != [] %>
<%= render partial: "federated_attributes", locals: { aac: aac, presenter: presenter, f: f } %>
<% end %>
<% if !aac.new_record? && aac.class.supports_debugging? %>
<%= render partial: "debugging", locals: { provider: aac } %>
<% end %>
<% if aac.account.mfa_settings != :disabled && (aac.auth_type != 'canvas' || aac.account.mfa_settings != :required) %>
<%= t('MFA Required') %>
<%# Make the value 'default' if MFA is required and this provider doesn't already require it so it doesn't become surprise sticky %>
<%= f.radio_button :mfa_option, aac.account.mfa_settings != :required || !!aac.settings["mfa_required"] ? 'required' : 'default',
id: "mfa_option_required_#{presenter.id_suffix(aac)}",
checked: !!aac.settings["mfa_required"] || (!aac.skip_internal_mfa? && aac.account.mfa_settings == :required) %>
<%= f.label :mfa_option, t('Canvas enforces MFA *When logging in through this Provider, Canvas will challenge the user with MFA, or require it to be configured.*',
wrappers: ['
\1']), for: "mfa_option_required_#{presenter.id_suffix(aac)}", class: 'ic-Label' %>
<% if aac.auth_type != 'canvas' %>
<%= f.check_box :otp_via_sms, class: 'otp_via_sms_checkbox', id: "otp_via_sms_#{presenter.id_suffix(aac)}" %>
<%= f.label :otp_via_sms, t('Send one-time passcodes via SMS (US carriers only)'), for: "otp_via_sms_#{presenter.id_suffix(aac)}", class: "ic-Label" %>
<% end %>
<% if aac.auth_type != 'canvas' %>
<%= f.radio_button :mfa_option, 'bypass', id: "mfa_option_bypass_#{presenter.id_suffix(aac)}", checked: aac.skip_internal_mfa? %>
<%= f.label :mfa_option, t('Provider enforces MFA *When logging in through this Provider, Canvas will explicitly skip MFA enforcement. This should only be used if the Provider has already guaranteed MFA before SSO into Canvas.*',
wrappers: ['
\1']), for: "mfa_option_bypass_#{presenter.id_suffix(aac)}", class: 'ic-Label' %>
<%end%>
<% if aac.account.mfa_settings != :required %>
<%= f.radio_button :mfa_option, 'optional', id: "mfa_option_optional_#{presenter.id_suffix(aac)}", checked: !aac.mfa_required? && !aac.skip_internal_mfa? %>
<%= f.label :mfa_option, t('User can opt in to MFA *Canvas will only challenge the user with MFA if they have configured it previously.*',
wrappers: ['
\1']), for: "mfa_option_optional_#{presenter.id_suffix(aac)}", class: 'ic-Label' %>
<%end%>
<% end %>
<% if presenter.configs.length > 1 %>
<%= f.label(:position,
t('Position'),
class: 'ic-Label',
for: "aac_position_#{presenter.id_suffix(aac)}") %>
<%= f.select(:position,
presenter.position_options(aac),
{},
class: "ic-Input",
id: "aac_position_#{presenter.id_suffix(aac)}") %>
<% end %>
<% if !aac.new_record? && aac.auth_type == "saml" && @current_pseudonym.authentication_provider != aac %>
<%= link_to(account_authentication_provider_refresh_metadata_url(account, aac),
method: "get",
id: "refresh-metadata-#{aac.id}",
data: { disable_with: t('refreshing...')},
class: 'Button') do %>
<%= t("Refresh Metadata") %>
<% end %>
<% end %>
<% if !aac.new_record? && @current_pseudonym.authentication_provider != aac %>
<%= link_to(account_authentication_provider_url(account, aac),
method: "delete",
rel: 'nofollow',
id: "delete-aac-#{aac.id}",
data: {
confirm: t('Are you sure?'),
disable_with: t('deleting...')
},
class: 'Button Button--danger') do %>
<%= t("Delete") %>
<% end %>
<% end %>
<%= f.button t('Save'), class: "Button Button--primary" %>
<% end %>