diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 6e26d5ae9c..547fee5549 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -176,6 +176,25 @@
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>ipa_selinux_search_base (string)</term>
+                    <listitem>
+                        <para>
+                            Optional. Use the given string as search base for
+                            SELinux user maps.
+                        </para>
+                        <para>
+                            See <quote>ldap_search_base</quote> for
+                            information about configuring multiple search
+                            bases.
+                        </para>
+                        <para>
+                            Default: the value of
+                            <emphasis>ldap_search_base</emphasis>
+                        </para>
+                    </listitem>
+                </varlistentry>
+
                 <varlistentry>
                     <term>krb5_validate (boolean)</term>
                     <listitem>
@@ -368,6 +387,127 @@
                         </para>
                     </listitem>
                 </varlistentry>
+
+                <varlistentry>
+                    <term>ipa_selinux_usermap_object_class (string)</term>
+                    <listitem>
+                        <para>
+                            The object class of a host entry in LDAP.
+                        </para>
+                        <para>
+                            Default: ipaHost
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>ipa_selinux_usermap_name (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains the name
+                            of SELinux usermap.
+                        </para>
+                        <para>
+                            Default: cn
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>ipa_selinux_usermap_member_user (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains all users / groups
+                            this rule match against.
+                        </para>
+                        <para>
+                            Default: memberUser
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>ipa_selinux_usermap_member_host (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains all hosts / hostgroups
+                            this rule match against.
+                        </para>
+                        <para>
+                            Default: memberHost
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>ipa_selinux_usermap_see_also (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains DN of HBAC
+                            rule which can be used for matching instead
+                            of memberUser and memberHost
+                        </para>
+                        <para>
+                            Default: seeAlso
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>ipa_selinux_usermap_selinux_user (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains SELinux user
+                            string itself.
+                        </para>
+                        <para>
+                            Default: ipaSELinuxUser
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>ipa_selinux_usermap_enabled (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains whether
+                            or not is user map enabled for usage.
+                        </para>
+                        <para>
+                            Default: ipaEnabledFlag
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>ipa_selinux_usermap_user_category (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains user category
+                            such as 'all'.
+                        </para>
+                        <para>
+                            Default: userCategory
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>ipa_selinux_usermap_host_category (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains host category
+                            such as 'all'.
+                        </para>
+                        <para>
+                            Default: hostCategory
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>ipa_selinux_usermap_uuid (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains unique ID
+                            of the user map.
+                        </para>
+                        <para>
+                            Default: ipaUniqueID
+                        </para>
+                    </listitem>
+                </varlistentry>
             </variablelist>
         </para>
     </refsect1>
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 7217c9dd7d..0a81e76505 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -1026,6 +1026,31 @@
                         </para>
                     </listitem>
                 </varlistentry>
+                <varlistentry>
+                    <term>session_provider (string)</term>
+                    <listitem>
+                        <para>
+                            The provider which should handle loading of session
+                            settings.
+                            Supported session providers are:
+                        </para>
+                        <para>
+                            <quote>ipa</quote> to load session settings
+                            from an IPA server. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ipa</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on configuring IPA.
+                        </para>
+                        <para>
+                            <quote>none</quote> disallows fetching session settings explicitly.
+                        </para>
+                        <para>
+                            Default: <quote>id_provider</quote> is used if it
+                            is set and can handle session loading requests.
+                        </para>
+                    </listitem>
+                </varlistentry>
 
                 <varlistentry>
                     <term>lookup_family_order (string)</term>
