PRO-2596 Adjust SSO documentation (#228)

* PRO-2596:add callout for Admin user e-mail in sso

* amend text

* update saml-config screenshot

* okta-integration-5

* fix: change verbiage to reflect new field literal

* sync 'important' field verbiage between all three sso pages

---------

Co-authored-by: Peter Grace <[email protected]>
Co-authored-by: null <null>

Author: PeterGrace

docs/enterprise/adfs-sso.md

@@ -19,7 +19,10 @@ StackBlitz is excited to offer SAML-based Single Sign-on (SSO) to organizations
 ## StackBlitz Admin Panel Auth Settings Page
 
 :::warning IMPORTANT: 
-Admin accounts should not be made with an individual work email that will be used to create a separate user account later. Should this happen, we recommend the following steps:
+Each user account (including the Admin User) must have a unique email address. Use a service account email address (like [email protected]) to ensure that the admin account doesn't cause email collisions for SSO users. If your admin email address matches an SSO user's email address, said SSO user will receive an "invalid login or password" error when signing in.  
+\
+ 
+Should this happen, we recommend the following steps:
   - Log in as admin
   - Navigate to `https://editor.stackblitz.[COMPANY.COM]/users/edit` to change your email address to a different one. It will show the same screen as the changing email/password when first logging in as an admin, but you only need to change your email.
 :::

docs/enterprise/assets/okta-sso/okta-integration-5.png

@@ -19,7 +19,10 @@ StackBlitz SAML integration relies on a user-level token. To ensure consistent d
 ### Navigate to Auth Settings Page Within the Admin Panel
 
 :::warning IMPORTANT: 
-Admin accounts should not be made with an individual work email that will be used to create a separate user account later. Should this happen, we recommend the following steps:
+Each user account (including the Admin User) must have a unique email address. Use a service account email address (like [email protected]) to ensure that the admin account doesn't cause email collisions for SSO users. If your admin email address matches an SSO user's email address, said SSO user will receive an "invalid login or password" error when signing in.  
+\
+ 
+Should this happen, we recommend the following steps:
   - Log in as admin
   - Navigate to `https://editor.stackblitz.[COMPANY.COM]/users/edit` to change your email address to a different one. It will show the same screen as the changing email/password when first logging in as an admin, but you only need to change your email.
 :::
@@ -43,7 +46,7 @@ Next, fill out the `App name` for the SAML integration. This is what the App wil
 On the next page, you'll need to fill out a few options using values from the Auth Settings page in the StackBlitz admin dashboard.
 
 - For the `Single sign on URL`, use the `Assertion Customer Service URL` from the StackBlitz Auth Settings page.
-- For `Audience URI (SP Entity ID)`, choose an identifier for the SAML application. We recommend using `stackblitz`. Use the same value in your StackBlitz SAML settings for `Issuer (Service Provider Entity ID)`.
+- For `Audience URI (SP Entity ID)`, choose an identifier for the SAML application. We recommend using `stackblitz`. Use the same value in your StackBlitz SAML settings for `Client ID (Service Provider Entity ID / Issuer)`.
 - In the `Attribute Statements (optional)` section, you must configure the `email` and `name` attributes for your users. We recommend using `user.email` for the `email` attribute, and `user.firstName + " " + user.lastName` for the `name` attribute.
 
 ![Configure SAML Integration in Okta](./assets/okta-sso/okta-integration-3.png)

docs/enterprise/assets/saml-config.png

@@ -17,10 +17,15 @@ StackBlitz SAML integration relies on a user-level token. To ensure consistent d
 - StackBlitz offers just-in-time provisioning. This means that if a user logs into StackBlitz for the first time using SSO, an account will automatically be created.
 :::
 
+
+
 ### Configure your IdP
 
 :::warning IMPORTANT: 
-Admin accounts should not be made with an individual work email that will be used to create a separate user account later. Should this happen, we recommend the following steps:
+Each user account (including the Admin User) must have a unique email address. Use a service account email address (like [email protected]) to ensure that the admin account doesn't cause email collisions for SSO users. If your admin email address matches an SSO user's email address, said SSO user will receive an "invalid login or password" error when signing in.  
+\
+ 
+Should this happen, we recommend the following steps:
   - Log in as admin
   - Navigate to `https://editor.stackblitz.[COMPANY.COM]/users/edit` to change your email address to a different one. It will show the same screen as the changing email/password when first logging in as an admin, but you only need to change your email.
 :::
@@ -57,4 +62,4 @@ Please ensure that the email addresses in the IdP are what your users will be us
 
 ### Troubleshooting
 
-If you're unable to login after verifying these things, please reach out to [[email protected]](mailto:[email protected]) for support.
+If you're unable to login after verifying these things, please reach out to [[email protected]](mailto:[email protected]) for support.