From 085c3eacedca20cf5995412e9076cb73446b0b70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <git@myname.nl>
Date: Thu, 25 Sep 2025 10:42:14 +0200
Subject: [PATCH 1/2] dashboard: permissions for setting up SSO

---
 dashboard/dashboard-session-sso.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dashboard/dashboard-session-sso.md b/dashboard/dashboard-session-sso.md
index 900c1944824d7..ea8c3cb5df6d3 100644
--- a/dashboard/dashboard-session-sso.md
+++ b/dashboard/dashboard-session-sso.md
@@ -11,6 +11,10 @@ TiDB Dashboard supports [OIDC](https://openid.net/connect/)-based Single Sign-On
 
 ### Enable SSO
 
+> **Note:**
+>
+> The **Enable to use SSO when sign into TiDB Dashboard** option will be greyed out if the account doesn't have the `SYSTEM_VARIABLES_ADMIN` permission. See [TiDB Dashboard User Management](/dashboard/dashboard-user.md) for more details on permissions.
+
 1. Sign into TiDB Dashboard.
 
 2. Click the username in the left sidebar to access the configuration page.

From 36ad85dd1f619704012c788173fb3f94769deb3c Mon Sep 17 00:00:00 2001
From: Grace Cai <qqzczy@126.com>
Date: Fri, 26 Sep 2025 19:19:24 +0800
Subject: [PATCH 2/2] move the note to step3 where the option is mentioned

---
 dashboard/dashboard-session-sso.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/dashboard/dashboard-session-sso.md b/dashboard/dashboard-session-sso.md
index ea8c3cb5df6d3..16738046aec6b 100644
--- a/dashboard/dashboard-session-sso.md
+++ b/dashboard/dashboard-session-sso.md
@@ -11,16 +11,16 @@ TiDB Dashboard supports [OIDC](https://openid.net/connect/)-based Single Sign-On
 
 ### Enable SSO
 
-> **Note:**
->
-> The **Enable to use SSO when sign into TiDB Dashboard** option will be greyed out if the account doesn't have the `SYSTEM_VARIABLES_ADMIN` permission. See [TiDB Dashboard User Management](/dashboard/dashboard-user.md) for more details on permissions.
-
 1. Sign into TiDB Dashboard.
 
 2. Click the username in the left sidebar to access the configuration page.
 
 3. In the **Single Sign-On** section, select **Enable to use SSO when sign into TiDB Dashboard**.
 
+    > **Note:**
+    >
+    > If your account does not have the `SYSTEM_VARIABLES_ADMIN` permission, the **Enable to use SSO when sign into TiDB Dashboard** option is disabled. For more information on permissions, see [TiDB Dashboard User Management](/dashboard/dashboard-user.md).
+
 4. Fill the **OIDC Client ID** and the **OIDC Discovery URL** fields in the form.
 
     Generally, you can obtain the two fields from the SSO service provider:
@@ -241,4 +241,4 @@ Now TiDB Dashboard has been configured to use Auth0 SSO for sign-in.
 
     ![Settings](/media/dashboard/dashboard-session-sso-casdoor-settings-3.png)
 
-Now TiDB Dashboard has been configured to use Casdoor SSO for sign-in.
\ No newline at end of file
+Now TiDB Dashboard has been configured to use Casdoor SSO for sign-in.