From 896e360d08b8db75a0de3b6d487fe00fa77a59bf Mon Sep 17 00:00:00 2001
From: Justin Campbell <campb303@purdue.edu>
Date: Mon, 22 Mar 2021 17:03:13 -0400
Subject: [PATCH] Add note about valid users

---
 docs/api/Authentication.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/docs/api/Authentication.md b/docs/api/Authentication.md
index 36b0c6e..1cedd3e 100644
--- a/docs/api/Authentication.md
+++ b/docs/api/Authentication.md
@@ -2,7 +2,14 @@
 
 The webqueue2 API uses a two stage authentication system combining Active Directory and [HTTP Token](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) (or "bearer") authentication.
 
-All API calls require an access token. You can get an access token by making a POST request to the `/api/login` endpoint containing the JSON encoded username and password.
+All API calls require an access token. You can get an access token by making a POST request to the `/api/login` endpoint containing the JSON encoded username and password of a valid user.
+
+??? info "Who is a valid user?"
+    A valid user is a non-admin BoilerAD user who is in the `00000227-ECN-webqueue` group. Users cannot be added directly to this group. To be included in this group, a user must exist in one of the following groups:
+
+    - `00000227-ECNStaff`
+    - `00000227-ECNStuds`
+    - `00000227-ECN-webqueue-misc`
 
 === "fetch"
     ```javascript