From 6718b78a30128049951302bd650d55254e205338 Mon Sep 17 00:00:00 2001
From: Tobias Niebergall <t.niebergall@e3n.de>
Date: Thu, 21 Nov 2024 23:44:42 +0100
Subject: [PATCH] Extend the SSO documentation

---
 bundles/security/index.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/bundles/security/index.rst b/bundles/security/index.rst
index 97222304..053009ff 100644
--- a/bundles/security/index.rst
+++ b/bundles/security/index.rst
@@ -148,6 +148,12 @@ the user is then redirected to the SSO provider to authenticate. After successfu
 If the domain does not match the configured domain, the user is authenticated using the standard login form.
 On password reset, when the domain matches, the user is also redirected to the SSO provider.
 
+Enable SSO provider: 
+Before enabling the SSO provider, ensure you've created a role with the key USER, or set a key for your preferred default role and use it for the parameter ``default_role_key``.
+
+Redirect URL: 
+If your provider requires a redirect URL, provide your admin URL, e.g., ``sulu.io/admin``.
+
 .. note::
 
     At the moment, only the OpenID protocol is supported for Single-Sign-On authentication in Sulu.