From 7519a0594317ab6dfa1703f247850ebbbdc83005 Mon Sep 17 00:00:00 2001 From: Mladen Todorovic Date: Thu, 16 Jan 2025 15:32:08 +0100 Subject: [PATCH] Add note about cloud services for shot-lived access Co-authored-by: Kerry Carmichael --- snippets/note-about-creating-tokens.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/snippets/note-about-creating-tokens.adoc b/snippets/note-about-creating-tokens.adoc index 158b14bf1ca8..871741a439df 100644 --- a/snippets/note-about-creating-tokens.adoc +++ b/snippets/note-about-creating-tokens.adoc @@ -10,4 +10,5 @@ * To prevent privilege escalation, when you create a new token, your role's permissions limit the permission you can assign to that token. For example, if you only have `read` permission for the Integration resource, you cannot create a token with `write` permission. * If you want a custom role to create tokens for other users to use, you must assign the required permissions to that custom role. * Use short-lived tokens for machine-to-machine communication, such as CI/CD pipelines, scripts, and other automation. Also, use the `roxctl central login` command for human-to-machine communication, such as `roxctl` CLI or API access. +* The majority of cloud service providers support OIDC identity tokens, for example, Microsoft Entra ID, Google Cloud Identity Platform, and AWS Cognito. OIDC identity tokens issued by these services can be used for {product-title-short} short-lived access. ====
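Review bot: The new bullet in this hunk opens with "The majority of cloud service providers support OIDC identity tokens", which is a quantitative claim the docs do not back up; suggest the weaker "Many cloud identity providers issue OIDC identity tokens, for example, ...". In the same sentence, the product is named "Amazon Cognito", not "AWS Cognito". The second sentence would also be clearer if it named the mechanism rather than just "short-lived access", e.g. "can be exchanged for a short-lived {product-title-short} access token", so readers understand the provider's token is not used directly. Finally, the commit subject has a typo: "shot-lived" should read "short-lived".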