From 69cf4e8751adcd352a775d4747bc6c622cfb3c75 Mon Sep 17 00:00:00 2001
From: Therese Magnusson <therese.magnusson@neo4j.com>
Date: Thu, 10 Apr 2025 11:26:56 +0200
Subject: [PATCH] Add a note about the automatic group_to_role_mapping being
 disabled (#2233)

when any groups and roles are explicitly given
---
 .../pages/authentication-authorization/sso-integration.adoc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc
index e64a4e3c5..d4dc85a6f 100644
--- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc
+++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc
@@ -190,6 +190,12 @@ Custom-defined roles, such as `rolename`, must be explicitly created using the `
 See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-roles[the Cypher Manual -> Creating roles].
 ====
 
+[NOTE]
+====
+When specifying explicit group to role mapping the automatic mapping for groups and roles sharing a name is disabled.
+This means that all groups and roles need to be specified to be mapped, even if they share a name.
+====
+
 [[auth-sso-configure-provider]]
 == Configure Neo4j to use an OpenID Connect Identity Provider