openshift · abrennan89 · Aug 29, 2024 · Aug 21, 2024
diff --git a/authentication/understanding-identity-provider.adoc b/authentication/understanding-identity-provider.adoc
@@ -78,3 +78,10 @@ include::modules/authentication-remove-kubeadmin.adoc[leveloffset=+1]
 include::modules/identity-provider-parameters.adoc[leveloffset=+1]
 
 include::modules/identity-provider-default-CR.adoc[leveloffset=+1]
+
+include::modules/identity-provider-provisioning-user-lookup-mapping.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/solutions/6006921[How to create user, identity and map user and identity in LDAP authentication for `mappingMethod` as `lookup` inside the OAuth manifest]
+* link:https://access.redhat.com/solutions/7072510[How to create user, identity and map user and identity in OIDC authentication for `mappingMethod` as `lookup`]
diff --git a/modules/identity-provider-provisioning-user-lookup-mapping.adoc b/modules/identity-provider-provisioning-user-lookup-mapping.adoc
@@ -1,56 +1,37 @@
 // Module included in the following assemblies:
 //
-// * orphaned
+// * authentication/understanding-identity-provider.adoc
 
 [id="identity-provider-provisioning-user-lookup-mapping_{context}"]
 = Manually provisioning a user when using the lookup mapping method
 
-When using the `lookup` mapping method, user provisioning is done by an external system, via the API.
-Typically, identities are automatically mapped to users during login. The 'lookup' mapping method automatically
-disables this automatic mapping, which requires you to provision users manually.
+Typically, identities are automatically mapped to users during login. The `lookup` mapping method disables this automatic mapping, which requires you to provision users manually. If you are using the `lookup` mapping method, use the following procedure for each user after configuring the identity provider.
 
+.Prerequisites
 
-.Procedure 
+* You have installed the {oc-first}.
 
-If you are using the `lookup` mapping method, use the following steps for each user after configuring
-the identity provider:
+.Procedure
 
-. Create an {product-title} User, if not created already:
+. Create an {product-title} user:
 +
+[source,terminal]
 ----
 $ oc create user <username>
 ----
-+
-For example, the following command creates an {product-title} User `bob`:
-+
-----
-$ oc create user bob
-----
 
-. Create an {product-title} Identity, if not created already. Use the name of the identity provider and
-the name that uniquely represents this identity in the scope of the identity provider:
+. Create an {product-title} identity:
 +
+[source,terminal]
 ----
-$ oc create identity <identity-provider>:<user-id-from-identity-provider>
+$ oc create identity <identity_provider>:<identity_provider_user_id>
 ----
 +
-The `<identity-provider>` is the name of the identity provider in the master configuration,
-as shown in the appropriate identity provider section below.
-+
-For example, the following commands creates an Identity with identity provider `ldap_provider` and the identity provider user name `bob_s`.
-+
-----
-$ oc create identity ldap_provider:bob_s
-----
+Where `<identity_provider_user_id>` is a name that uniquely represents the user in the identity provider.
 
-. Create a user/identity mapping for the created user and identity:
-+
-----
-$ oc create useridentitymapping <identity-provider>:<user-id-from-identity-provider> <username>
-----
-+
-For example, the following command maps the identity to the user:
+. Create a user identity mapping for the created user and identity:
 +
+[source,terminal]
 ----
-$ oc create useridentitymapping ldap_provider:bob_s bob
+$ oc create useridentitymapping <identity_provider>:<identity_provider_user_id> <username>
 ----