From 581dd9fadd85d56e774346acf3c3abd713e25a5c Mon Sep 17 00:00:00 2001 From: imilinovic Date: Wed, 19 Nov 2025 10:50:39 +0100 Subject: [PATCH 1/2] sso docs --- .../auth-system-integrations.mdx | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx b/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx index 1213de444..5fe0d9f1f 100644 --- a/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx +++ b/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx @@ -470,6 +470,18 @@ You can determine token audiences by decoding tokens via tools like `jwt.io` and inspecting the `aud` field. In many cases, both tokens use the same audience (for example, Entra ID uses the client ID). +##### Self-signed certificates + +If your custom OIDC identity provider uses self-signed certificates, you can +configure Memgraph to trust them by setting the `MEMGRAPH_SSO_CUSTOM_OIDC_EXTRA_CA_CERTS` +environment variable. This variable should point to a file containing the CA +certificates that should be trusted when connecting to your +identity server. + +```bash +MEMGRAPH_SSO_CUSTOM_OIDC_EXTRA_CA_CERTS=/path/to/ca-certificates +``` + #### Connect via Neo4j drivers When connecting through a Neo4j driver, you can provide: From 44fd182e2115ddc4a58ed655b1b0f59e3b7249ca Mon Sep 17 00:00:00 2001 From: Matea Pesic <80577904+matea16@users.noreply.github.com> Date: Wed, 19 Nov 2025 11:00:37 +0100 Subject: [PATCH 2/2] Update pages/database-management/authentication-and-authorization/auth-system-integrations.mdx --- .../auth-system-integrations.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx b/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx index 5fe0d9f1f..40df01554 100644 --- a/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx +++ b/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx @@ -470,7 +470,7 @@ You can determine token audiences by decoding tokens via tools like `jwt.io` and inspecting the `aud` field. In many cases, both tokens use the same audience (for example, Entra ID uses the client ID). -##### Self-signed certificates +{
Self-signed certificates
} If your custom OIDC identity provider uses self-signed certificates, you can configure Memgraph to trust them by setting the `MEMGRAPH_SSO_CUSTOM_OIDC_EXTRA_CA_CERTS`
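Review bot: In [PATCH 1/2], the added paragraph says the variable "should point to a file", but the example value `/path/to/ca-certificates` in the `bash` block reads like a directory, and the expected file format is never stated. Suggest using a file-like path in the example and naming the format the SSO module accepts. The text should also say whether the listed CAs are trusted in addition to the default trust store (the name `EXTRA_CA_CERTS` suggests so, but the docs do not confirm it) and on which process the variable has to be set. The heading says "Self-signed certificates" while the body talks about "CA certificates"; a sentence noting that this also covers an identity provider whose certificate is issued by a private CA would make the section match what the variable takes.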
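Review bot: In [PATCH 2/2], the subject line only repeats the file path and does not say why the `##### Self-signed certificates` markdown heading is replaced with a braced expression. Please put the reason in the commit message, and confirm that the section still renders at the intended level under the surrounding headings (patch 1 shows `#### Connect via Neo4j drivers` directly after it) and that it still gets a linkable anchor if other pages are meant to link to this section.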