From bdbdebf551922cb5f86989d3487983afe919e361 Mon Sep 17 00:00:00 2001
From: Mendon Kissling <59585235+mendonk@users.noreply.github.com>
Date: Tue, 7 Oct 2025 13:00:31 -0400
Subject: [PATCH] oauth-noauth-settings

---
 docs/docs/core-components/knowledge.mdx |  8 ++++++++
 docs/docs/get-started/install.mdx       | 11 +++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/docs/docs/core-components/knowledge.mdx b/docs/docs/core-components/knowledge.mdx
index d2a74ca4..15826c87 100644
--- a/docs/docs/core-components/knowledge.mdx
+++ b/docs/docs/core-components/knowledge.mdx
@@ -15,6 +15,14 @@ OpenRAG uses [OpenSearch](https://docs.opensearch.org/latest/) for its vector-ba
 This is a specialized database for storing and retrieving embeddings, which helps your Agent efficiently find relevant information.
 OpenSearch provides powerful hybrid search capabilities with enterprise-grade security and multi-tenancy support.
 
+## Authentication and document access {#auth}
+
+OpenRAG supports two authentication modes based on how you [install OpenRAG](/install), and which mode you choose affects document access.
+
+**No-auth mode (Basic Setup)**: This mode uses a single anonymous JWT token for OpenSearch authentication, so documents uploaded to the `documents` index by one user are visible to all other users on the OpenRAG server.
+
+**OAuth mode (Advanced Setup)**: Each OpenRAG user is granted a JWT token, and each document is tagged with user ownership. Documents are filtered by user ownership, ensuring users only see documents they uploaded or have access to. 
+
 ## Ingest knowledge
 
 OpenRAG supports knowledge ingestion through direct file uploads and OAuth connectors.
diff --git a/docs/docs/get-started/install.mdx b/docs/docs/get-started/install.mdx
index 1759e813..851bce07 100644
--- a/docs/docs/get-started/install.mdx
+++ b/docs/docs/get-started/install.mdx
@@ -65,13 +65,15 @@ The OpenRAG wheel installs the Terminal User Interface (TUI) for configuring and
 ## Set up OpenRAG with the TUI {#setup}
 
 The TUI creates a `.env` file in your OpenRAG directory root and starts OpenRAG.
+If the TUI detects a `.env` file in the OpenRAG root directory, it sources any variables from the `.env` file.
+If the TUI detects OAuth credentials, it enforces the **Advanced Setup** path.
 
-**Basic Setup** generates all of the required values except the OpenAI API key.
-**Basic Setup** does not set up OAuth connections for ingestion from Google Drive, OneDrive, or AWS.
+**Basic Setup** generates all of the required values for OpenRAG except the OpenAI API key.
+**Basic Setup** does not set up OAuth connections for ingestion from cloud providers.
 For OAuth setup, use **Advanced Setup**.
 
-If the TUI detects OAuth credentials, it enforces the **Advanced Setup** path.
-If the TUI detects a `.env` file in the OpenRAG root directory, it will source any variables from the `.env` file.
+**Basic Setup** and **Advanced Setup** enforce the same authentication settings for the Langflow server, but manage document access differently. For more information, see [Authentication and document access](/knowledge#auth).
+
 <Tabs groupId="Setup method">
   <TabItem value="Basic setup" label="Basic setup" default>
 
@@ -90,6 +92,7 @@ If the TUI detects a `.env` file in the OpenRAG root directory, it will source a
    7. Continue with [Application Onboarding](#application-onboarding).
   </TabItem>
   <TabItem value="Advanced setup" label="Advanced setup">
+
    1. To install OpenRAG with **Advanced Setup**, click **Advanced Setup** or press <kbd>2</kbd>. 
    2. Click **Generate Passwords** to generate passwords for OpenSearch and Langflow.
    3. Paste your OpenAI API key in the OpenAI API key field.