diff --git a/SUMMARY.md b/SUMMARY.md
index c7146a854ec8a7cf35aaa9545a33aa8c5dd50133..ace0f7f0958fff00a51dbb5e6bf408bd874c68ce 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -11,7 +11,9 @@
* [Gateway](for-developers/configuration/gateway.md)
* [Connectors](docs/for-developers/connector/README.md)
* [Parsing response with JSONdata](docs/gateway/Connector/Parsing-response-with-JSONata.md)
-* [Authentication](for-developers/authentication.md)
+* [Gateway](for-developers/gateway/README.md)
+ * [🔑 Authentication](for-developers/gateway/authentication.md)
+ * [👥 Users](for-developers/gateway/users.md)
* [Frontend](docs/for-developers/frontend/README.md)
* [Update GraphQL Queries](docs/frontend/Update-queries-GrahpQL-in-the-frontend.md)
- * [Visualisations](for-developers/frontend/visualisations.md)
+ * [📊 Visualisations](for-developers/frontend/visualisations.md)
diff --git a/for-developers/configuration/gateway.md b/for-developers/configuration/gateway.md
index 4c34247036889af4ce4ea1337f1e5a3b7460e657..2b16dacfcbdfbc415f9091c3086a000032787d21 100644
--- a/for-developers/configuration/gateway.md
+++ b/for-developers/configuration/gateway.md
@@ -28,6 +28,7 @@ description: >-
| AUTH\_JWT\_TOKEN\_EXPIRES\_IN | string | '2d' | <p>JWT token time to live.</p><p>Expressed in seconds or a string describing a time span <a href="https://github.com/vercel/ms">vercel/ms</a></p> |
| AUTH\_COOKIE\_SAME\_SITE | string | 'strict' | Specify the cookie same site option. Value can be `lax`, `strict` or `none` |
| AUTH\_COOKIE\_SECURE | boolean | true | Specify the cookie secure option. Should be set to true if same site is not set to `strict`. |
+| AUTH\_ENABLE\_SSO | boolean | false | Enable SSO login process, this variable will be provided to the frontend in order to perform the login. |
#### Database
@@ -39,11 +40,21 @@ description: >-
| DB\_PASSWORD | string | pass123 | Password |
| DB\_NAME | string | postgres | Name of the database's instance |
-### Overwrite
+#### Matomo
+
+Matomo is an open source alternative to Google Analytics. The gateway provide this configuration in order to be used by any frontend. The real implementation is left to the frontend.
+
+| name | type | default | description |
+| ---------------- | ------------------- | --------- | --------------------------------------------------------------------------------------------------- |
+| MATOMO\_ENABLED | boolean | false | Enable or disable Matomo |
+| MATOMO\_URL | string \| undefined | undefined | Base url for matomo scripts and data reporting. This parameter is `required` if Matomo is `enabled` |
+| MATOMO\_SITE\_ID | string \| undefined | undefined | Matomo Website ID. This parameter is required if `Matomo` is `enabled`. |
+
+### Overwrite parameters
These parameters can be overwrite by either
-* setting a variable in `.env` file (you can create it if it does not exist) along with the file .env.defaults in the root folder
+* setting a variable in `.env` file (you can create it if it does not exist) along with the file `.env.defaults` in the root folder
* or setting an environment variable on your system
-Default variables are stored in the `.env.defaults` file and under the `db.config.ts` file for the database configuration.
+Default variables are stored in the `.env.defaults` file, under the `db.config.ts` file for the database configuration and `matomo.config.ts` for Matomo configuration.
diff --git a/for-developers/frontend/visualisations.md b/for-developers/frontend/visualisations.md
index fbf4f7da20ecdabb28e5ce8a52bd452b9604305a..56395ce99f2db62122194abc64401a12c204838d 100644
--- a/for-developers/frontend/visualisations.md
+++ b/for-developers/frontend/visualisations.md
@@ -1,4 +1,4 @@
-# Visualisations
+# 📊 Visualisations
To see the different possible visualisations in the frontend we have integrated [storybook.js](https://storybook.js.org) directly in the frontend.
@@ -10,5 +10,5 @@ yarn storybook
This command will give you access to the a website with all the visualisation that are currently implemented.
-.png>)
+.png>)
diff --git a/for-developers/gateway/README.md b/for-developers/gateway/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..342b3ae0ea594fa61eaa01233074965ffc14263d
--- /dev/null
+++ b/for-developers/gateway/README.md
@@ -0,0 +1,2 @@
+# Gateway
+
diff --git a/for-developers/gateway/authentication.md b/for-developers/gateway/authentication.md
new file mode 100644
index 0000000000000000000000000000000000000000..6c8a63fa9d5e7bf3a606cca9069b135d6301f6f9
--- /dev/null
+++ b/for-developers/gateway/authentication.md
@@ -0,0 +1,92 @@
+# 🔑 Authentication
+
+The authentication implementation is based on [passport.js](https://www.passportjs.org) it allows a flexible way to implement different strategies inside the gateway. 
+
+For now the authentication system is quite simple and only use JWT. The real implementation of authorization and authentication is left to the connector/engine. 
+
+#### How it works ?
+
+The communication between the frontend and the gateway is handled by JWT token who contains user information such as his username.
+
+.png>)
+
+The gateway will handle the authentication process with the frontend in a unique fashion always using a JWT token. This token can contains information specific to some connector. For that purpose the user model contains a field `extraFields` which basically a dictionary. 
+
+{% code title="user.model.ts" %}
+```typescript
+import { Field, ObjectType } from '@nestjs/graphql';
+import { Entity, PrimaryColumn, Column } from 'typeorm';
+
+@Entity({ name: 'user' })
+@ObjectType()
+export class User {
+ @PrimaryColumn()
+ @Field()
+ id: string;
+
+ @Field()
+ username: string;
+
+ @Field({ nullable: true })
+ fullname?: string;
+
+ @Field({ nullable: true })
+ email?: string;
+
+ @Column({ nullable: true, default: false })
+ @Field({ nullable: true })
+ agreeNDA?: boolean;
+
+ extraFields?: Record<string, any>;
+}
+```
+{% endcode %}
+
+This field can be used by the connector to store information related to the user as other token for engine API endpoints.
+
+#### Login 
+
+The real login system is delegated to the connector by using the `login` method in the interface.
+
+{% code title="engine.interface.ts" %}
+```typescript
+export interface IEngineService {
+ // ...
+
+ /**
+ * Method that login a user with username and password
+ * @param username
+ * @param password
+ * @returns User object or empty if user not found
+ */
+ login?(
+ username: string,
+ password: string,
+ ): Promise<User | undefined>;
+
+ // ...
+}
+```
+{% endcode %}
+
+This method can be optional as the authentication can be made by a 3rd party system under the same domain as this is the case for `exareme`.
+
+When the login is performed, this function should return a `User` object and can feed the `extraFields` attribute with data needed to perform future request to the engine.
+
+#### Logout
+
+The same mechanism is applied to the logout system using the method logout from the engine.
+
+{% code title="engine.interface.ts" %}
+```typescript
+export interface IEngineService {
+ // ...
+
+ logout?(req: Request
+ ): Promise<void>;
+
+ // ...
+}
+```
+{% endcode %}
+
diff --git a/for-developers/gateway/users.md b/for-developers/gateway/users.md
new file mode 100644
index 0000000000000000000000000000000000000000..40dd3a1cd50388ab5dec4d11b2eee1a139d6a81a
--- /dev/null
+++ b/for-developers/gateway/users.md
@@ -0,0 +1,68 @@
+# 👥 Users
+
+This page describe how users are managed in the gateway. There is mainly two functions in the users module 
+
+* `GetUser` which retrieve the current user logged in (active user)
+* `UpdateUser` which allow the active user to modify is own profile (mainly for `agreeNDA`)
+
+The gateway is not meant to manage users directly. This is the engine's role to provide the user and a way to modify them. Thus the gateway provide support for some specific user's attribute that are closely related to the MIP usage. For now the Gateway can only manage the `agreeNDA` property for each user but this can be easily extended.
+
+### How it works ?
+
+Let's say we want to retrieve the current user, the gateway will ask through the connector for the user's data in the same time the gateway will look in his own database if it has some data for this user. Then both data are merged to fit the User model. Data from the engine have precedence over the gateway data in case of conflict.
+
+{% code title="user.model.ts" %}
+```typescript
+@Entity({ name: 'user' })
+@ObjectType()
+export class User {
+ @PrimaryColumn()
+ @Field()
+ id: string;
+
+ @Field()
+ username: string;
+
+ @Field({ nullable: true })
+ fullname?: string;
+
+ @Field({ nullable: true })
+ email?: string;
+
+ @Column({ nullable: true, default: false })
+ @Field({ nullable: true })
+ agreeNDA?: boolean;
+
+ extraFields?: Record<string, any>;
+}
+```
+{% endcode %}
+
+After merging data from both source and make some integrity check the gateway will be able to present a full user object in a flexible way.
+
+#### Update user profile
+
+So now we know that the data can be retrieve through two different sources, how will we handle updating our user profile ? The system is simple, the gateway will ask the connector if he can handle the user's update by looking if the function `updateUser` is defined in the connector. If it's defined it means that the engine can handle at least some part of the update, so we delay the work to the engine. Now if the engine cannot handle all the update data, the connector can decide to return some attributes back to the gateway. 
+
+{% code title="example return update data" %}
+```typescript
+ async updateUser(
+ request: Request,
+ userId: string,
+ data: UpdateUserInput
+ ): Promise<UpdateUserInput | undefined> {
+ const path = this.options.baseurl + 'user';
+ const response = await firstValueFrom(
+ this.post<string>(request, path, {
+ prop1: data.attrib1,
+ prop2: data.attrib2
+ }),
+ );
+
+ const { attrib1, attrib2, ...subset } = UpdateUserInput // Subset of updateData
+ return subset;
+ }
+```
+{% endcode %}
+
+The returned attributes will be provided back to the gateway and will be handle internally as far as it can do it.