From e490d25791b1d8ef405979e435ff793bbd70e4d5 Mon Sep 17 00:00:00 2001 From: sdimovv <36302090+sdimovv@users.noreply.github.com> Date: Sun, 12 Feb 2023 13:13:32 +0000 Subject: [PATCH] website/integrations: Add danger annotation for using username as Nextcloud UID (#4667) * Add danger annotation for using username as Nextcloud UID * fix lint --- website/integrations/services/nextcloud/index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/integrations/services/nextcloud/index.md b/website/integrations/services/nextcloud/index.md index 743e6438b..302656929 100644 --- a/website/integrations/services/nextcloud/index.md +++ b/website/integrations/services/nextcloud/index.md @@ -49,6 +49,9 @@ In Nextcloud, ensure that the `SSO & SAML Authentication` app is installed. Navi Set the following values: - Attribute to map the UID to: `http://schemas.goauthentik.io/2021/02/saml/uid` + :::danger + Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/installation/configuration#authentik_default_user_change_username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username". + ::: - Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik` - Identifier of the IdP entity (must be a URI): `https://authentik.company` - URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml//sso/binding/redirect/`
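Review bot: In the added `:::danger` block, the alternative attribute is written in plain double quotes ("http://schemas.goauthentik.io/2021/02/saml/username"), while every other value in this list, including the UID attribute on the line just above, is in backticks. Put the URI in backticks so it renders like the rest of the list and readers do not paste the quotes into the Nextcloud field. In the same sentence, "an username" should be "a username". The warning names user impersonation as the risk but does not say how a mutable username leads to it. Since the block already states that Nextcloud uses the UID as the username, one more sentence saying that a changed authentik username arrives as a different Nextcloud UID would let readers judge the risk before choosing the username mapping. Also check that the relative link to `authentik_default_user_change_username` resolves in the built site.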