docs(cloud): Add IdP delegation documentation [PLAT-4827] #1415

Open: justinegeffen wants to merge 4 commits into master from plat-4827-cloud-idp-delegation

@justinegeffen (Contributor) commented May 12, 2026

Summary

Customer-facing documentation for PLAT-4827 — IdP delegation & claims mapping on Cloud Pro. Builds on top of the merged Cloud SSO foundation in #1213.

This PR adds the documentation layer that explains how organization owners can map a Seqera Team to an IdP group, populate the group catalog (SCIM or manual), and configure the Auth0 attribute mapping that lets the `groups` claim reach Seqera at login.

Pages added

Under platform-cloud/docs/getting-started/idp-delegation/:

  • `overview.md` — concept hub: the three components, login evaluation, audit trail
  • `group-catalog/overview.md` — SCIM vs manual entry, promotion, orphan behavior
  • `group-catalog/scim-okta.md` — full Okta SCIM setup procedure
  • `group-catalog/scim-entra-id.md` — full Entra ID SCIM setup procedure
  • `group-catalog/manual-google-workspace.md` — manual catalog entries for Google Workspace
  • `group-catalog/manual-keycloak.md` — manual catalog entries for Keycloak
  • `auth0-connection-mapping.md` — copy-paste OIDC and SAML attribute mapping snippets
  • `delegate-a-team.md` — admin procedure plus what changes at login

Pages updated

  • `platform-cloud/cloud-sidebar.json` — new IdP delegation category nested in Get started
  • `platform-cloud/docs/orgs-and-teams/organizations.md` — Teams section note + cross-link to the delegation procedure

AC coverage (PLAT-4827)

| User story | Covered in |
| --- | --- |
| US1 / PLAT-5164 — Connect IdP groups | `group-catalog/*` |
| US2 / PLAT-5165 — Delegate a Team | `delegate-a-team.md`, `organizations.md` |
| US3 / PLAT-5166 — Login JIT evaluation | `overview.md`, `delegate-a-team.md` |
| US4 / PLAT-5167 — Immutability | `delegate-a-team.md` |
| US5 / PLAT-5168 — Audit trail (delegation/SCIM) | `overview.md` — "Audit trail" |
| US6 / PLAT-5169 — Cloud Basic upgrade prompt | `overview.md` info admonition |
| US7 / PLAT-5170 — Collaborator restriction | Covered by existing `single-sign-on.md` and `roles.md` (#1213) |
| USV / PLAT-5172 — Auth0 mapping copy-paste-ready | `auth0-connection-mapping.md` |

Out of scope

  • US8 / PLAT-5171 — workspace assignment usability content is blocked on Figma. Will follow in a separate PR once UX assets land.
  • Audit log page — Cloud doesn't have a dedicated audit-log doc; SCIM/delegation audit content sits in `overview.md` instead. If a Cloud audit-log page is added later, the section here can be lifted.
  • Changelog entries — landing separately.

Open questions for product/engineering

  1. PLAT-5238 expectation-setting — should the Auth0 mapping page include a callout noting the wizard will pre-fill these snippets in a future release? Currently silent.
  2. Screenshots — PLAT-5172 AC 1 implies the SCIM and Auth0 guides should be sufficient for setup without backend assistance. Would screenshots of the Okta, Entra, and Auth0 admin consoles raise the bar enough to commission them? Currently none.
  3. Auth0 mapping for Enterprise-on-Auth0 customers — out of scope for this Cloud PR but flagged for the Enterprise companion PR.

Reviewers

CODEOWNERS will auto-request docs reviewers. Please also add:

  • A PLAT-4827 SME (Andrew Dawson reported the epic; Rob Newman commented on it)

Test plan

  • Local Docusaurus build (`npm start` or `npm run build` from repo root)
  • All internal markdown links resolve
  • New sidebar entries render in correct order under Get started → IdP delegation
  • Cross-links from `organizations.md` and `single-sign-on.md` navigate correctly

Companion Enterprise PR: `justine-idp-enterprise` against `enterprise-26.1-documentation` (separate PR for the 26.1 release).

🤖 Generated with Claude Code

justinegeffen and others added 3 commits May 12, 2026 22:31
…-4827]

Add the conceptual hub page for IdP-delegated Teams and the group catalog
documentation set: SCIM provisioning guides for Okta and Entra ID, manual
entry guides for Google Workspace and Keycloak, and a catalog overview that
covers SCIM push, manual entry, manual-to-SCIM promotion, and orphaned-team
behavior on group removal.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…re [PLAT-4827]

Add the Auth0 attribute mapping doc (OIDC and SAML snippets, Entra-ID GUID
caveat, verification walkthrough) so the `groups` claim reaches Seqera at
login. Add the day-to-day Team delegation procedure including login
evaluation semantics, immutability behavior, and the conversion path back
to manual management.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…-4827]

Add the IdP delegation category to the Get started sidebar group and
cross-link the Teams section in organizations.md to the new delegation
procedure.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

netlify Bot commented May 12, 2026

Deploy Preview for seqera-docs failed. Why did it fail? →

| Name | Link |
| --- | --- |
| 🔨 Latest commit | 1db0b87 |
| 🔍 Latest deploy log | https://app.netlify.com/projects/seqera-docs/deploys/6a04b973717c510008edecba |

@justinegeffen justinegeffen marked this pull request as ready for review May 12, 2026 21:22