From 7d34eab0eb6edffe69353a604a9f0c009f097051 Mon Sep 17 00:00:00 2001 From: Daryl White <53910321+djwfyi@users.noreply.github.com> Date: Thu, 19 May 2022 12:58:51 -0500 Subject: [PATCH] Clarifying how to use groups with OIDC --- ...al-authentication-with-openid-identity-provider.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/source/security/openid-external-identity-management/external-authentication-with-openid-identity-provider.rst b/source/security/openid-external-identity-management/external-authentication-with-openid-identity-provider.rst index 1ff468e6..144f94a6 100644 --- a/source/security/openid-external-identity-management/external-authentication-with-openid-identity-provider.rst +++ b/source/security/openid-external-identity-management/external-authentication-with-openid-identity-provider.rst @@ -126,10 +126,12 @@ provider for instructions on configuring user claims. MinIO provides :ref:`built-in policies ` for basic access control. You can create new policies using the :mc:`mc admin policy` command, or -by using the MinIO Console. MinIO does not support assigning :ref:`groups -` to an :abbr:`OIDC (OpenID Connect)` managed identity. Specify -any and all policies to attach to the user as part of its :abbr:`JWT (JWT)` -policy claim. +by using the MinIO Console. + +MinIO does not support using MinIO :ref:`groups ` with :abbr:`OIDC (OpenID Connect)`. +Instead, an :abbr:`OIDC (OpenID Connect)` administrator can use the configured OIDC claim to list multiple, comma-separated MinIO :ref:`policies ` to assign to the user. +The OIDC administrator can create a type of "group" assignment managed entirely within :abbr:`OIDC (OpenID Connect)`. +For example, ``'policy[,policy]'``. .. toctree:: :titlesonly:
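Review bot: The last added line ("For example, ``'policy[,policy]'``.") is a syntax template rather than a concrete claim value, and it follows the sentence about "group" assignment instead of the sentence on comma-separated policies that it illustrates. Consider moving it directly after "...to assign to the user." and showing a literal value built from two policy names, with a note on whether whitespace around the comma is accepted. The rewrite also drops the removed wording "as part of its JWT policy claim", so "the configured OIDC claim" no longer tells the reader which claim is meant or where it is configured; naming the claim or linking to the setting would restore that. Because the text now makes this claim the only way to assign policies to an OIDC identity, a sentence stating that its value should be set by the identity provider administrator, not taken from a user-editable attribute, would help readers. Minor style point: the added lines mix :abbr:`OIDC (OpenID Connect)` with bare "OIDC" ("the configured OIDC claim", "The OIDC administrator"); expanding the abbreviation once and using the bare form afterwards would read more cleanly.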