add global/org idp banner

messages/en-US.json

@@ -791,6 +791,9 @@
     "sitestCountIncrease": "Increase site count",
     "idpManage": "Manage Identity Providers",
     "idpManageDescription": "View and manage identity providers in the system",
+    "idpGlobalModeBanner": "Identity providers (IdPs) per organization are disabled on this server. It is using global IdPs (shared across all organizations). Manage global IdPs in the <adminPanelLink>admin panel</adminPanelLink>. To enable IdPs per organization, edit the server config and set IdP mode to org. <configDocsLink>See the docs</configDocsLink>. If you want to continue using global IdPs and make this disappear from the organization settings, explicitly set the mode to global in the config.",
+    "idpGlobalModeBannerUpgradeRequired": "Identity providers (IdPs) per organization are disabled on this server. It is using global IdPs (shared across all organizations). Manage global IdPs in the <adminPanelLink>admin panel</adminPanelLink>. To use identity providers per organization, you must upgrade to the Enterprise edition.",
+    "idpGlobalModeBannerLicenseRequired": "Identity providers (IdPs) per organization are disabled on this server. It is using global IdPs (shared across all organizations). Manage global IdPs in the <adminPanelLink>admin panel</adminPanelLink>. To use identity providers per organization, an Enterprise license is required.",
     "idpDeletedDescription": "Identity provider deleted successfully",
     "idpOidc": "OAuth2/OIDC",
     "idpQuestionRemove": "Are you sure you want to permanently delete the identity provider?",

src/app/[orgId]/settings/(private)/idp/page.tsx

@@ -5,6 +5,7 @@ import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import IdpTable, { IdpRow } from "@app/components/OrgIdpTable";
 import { getTranslations } from "next-intl/server";
 import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
+import { IdpGlobalModeBanner } from "@app/components/IdpGlobalModeBanner";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 
 type OrgIdpPageProps = {
@@ -36,6 +37,8 @@ export default async function OrgIdpPage(props: OrgIdpPageProps) {
                 description={t("idpManageDescription")}
             />
 
+            <IdpGlobalModeBanner />
+
             <PaidFeaturesAlert tiers={tierMatrix.orgOidc} />
 
             <IdpTable idps={idps} orgId={params.orgId} />

src/app/admin/users/page.tsx

@@ -50,7 +50,7 @@ export default async function UsersPage(props: PageProps) {
                 title={t("userTitle")}
                 description={t("userDescription")}
             />
-            <Alert variant="neutral" className="mb-6">
+            <Alert className="mb-6">
                 <InfoIcon className="h-4 w-4" />
                 <AlertTitle className="font-semibold">
                     {t("userAbount")}

src/app/navigation.tsx

@@ -125,7 +125,7 @@ export const orgNavSections = (env?: Env): SidebarNavSection[] => [
             ...((build === "oss" && !env?.flags.disableEnterpriseFeatures) ||
             build === "saas" ||
             env?.app.identityProviderMode === "org" ||
-            env?.app.identityProviderMode === undefined
+            (env?.app.identityProviderMode === undefined && build !== "oss")
                 ? [
                       {
                           title: "sidebarIdentityProviders",

src/components/IdpGlobalModeBanner.tsx

@@ -0,0 +1,65 @@
+"use client";
+
+import Link from "next/link";
+import { useTranslations } from "next-intl";
+import { Alert, AlertDescription } from "@app/components/ui/alert";
+import { Info } from "lucide-react";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { usePaidStatus } from "@app/hooks/usePaidStatus";
+import { tierMatrix } from "@server/lib/billing/tierMatrix";
+import { build } from "@server/build";
+
+export function IdpGlobalModeBanner() {
+    const t = useTranslations();
+    const { env } = useEnvContext();
+    const { isPaidUser, hasEnterpriseLicense } = usePaidStatus();
+
+    const identityProviderModeUndefined =
+        env.app.identityProviderMode === undefined;
+    const paidUserForOrgOidc = isPaidUser(tierMatrix.orgOidc);
+    const enterpriseUnlicensed =
+        build === "enterprise" && !hasEnterpriseLicense;
+
+    if (build === "saas") {
+        return null;
+    }
+
+    if (!identityProviderModeUndefined) {
+        return null;
+    }
+
+    const adminPanelLinkRenderer = (chunks: React.ReactNode) => (
+        <Link href="/admin/idp" className="font-medium underline">
+            {chunks}
+        </Link>
+    );
+
+    return (
+        <Alert className="mb-6">
+            <Info className="h-4 w-4" />
+            <AlertDescription>
+                {paidUserForOrgOidc
+                    ? t.rich("idpGlobalModeBanner", {
+                          adminPanelLink: adminPanelLinkRenderer,
+                          configDocsLink: (chunks) => (
+                              <Link
+                                  href="https://docs.pangolin.net/manage/identity-providers/add-an-idp#organization-identity-providers"
+                                  target="_blank"
+                                  rel="noopener noreferrer"
+                                  className="font-medium underline"
+                              >
+                                  {chunks}
+                              </Link>
+                          )
+                      })
+                    : enterpriseUnlicensed
+                      ? t.rich("idpGlobalModeBannerLicenseRequired", {
+                            adminPanelLink: adminPanelLinkRenderer
+                        })
+                      : t.rich("idpGlobalModeBannerUpgradeRequired", {
+                            adminPanelLink: adminPanelLinkRenderer
+                        })}
+            </AlertDescription>
+        </Alert>
+    );
+}