From 0cc18b806840f083a264dff9ec71993a366d9013 Mon Sep 17 00:00:00 2001 From: Ben Sheppard Date: Thu, 21 Mar 2024 11:29:34 +0000 Subject: [PATCH 1/2] docs(identity): Add note regarding single sign out limitation --- .../helm-kubernetes/guides/connect-to-an-oidc-provider.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/self-managed/platform-deployment/helm-kubernetes/guides/connect-to-an-oidc-provider.md b/docs/self-managed/platform-deployment/helm-kubernetes/guides/connect-to-an-oidc-provider.md index 437a6c987f..39b1cb2a00 100644 --- a/docs/self-managed/platform-deployment/helm-kubernetes/guides/connect-to-an-oidc-provider.md +++ b/docs/self-managed/platform-deployment/helm-kubernetes/guides/connect-to-an-oidc-provider.md @@ -197,6 +197,9 @@ global: ### Additional considerations +Due to technical limitations regarding [third party content](https://openid.net/specs/openid-connect-frontchannel-1_0.html#ThirdPartyContent), +front channel single sign out is not supported. This means that when a user logs out of one component, they will not be logged out of the other components. + For authentication, the Camunda components use the scopes `email`, `openid`, `offline_access`, `profile`, and `/.default`. To ensure your users are able to successfully authenticate with Entra ID, you must ensure that either there is From add21cf6414324b9d3df622d4338165384d0d395 Mon Sep 17 00:00:00 2001 From: Ben Sheppard Date: Mon, 25 Mar 2024 08:51:33 +0000 Subject: [PATCH 2/2] docs(identity): backport to 8.4 docs regarding single sign out limitation --- .../helm-kubernetes/guides/connect-to-an-oidc-provider.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/versioned_docs/version-8.4/self-managed/platform-deployment/helm-kubernetes/guides/connect-to-an-oidc-provider.md b/versioned_docs/version-8.4/self-managed/platform-deployment/helm-kubernetes/guides/connect-to-an-oidc-provider.md index b4841ab984..16eb4a5748 100644 
--- a/versioned_docs/version-8.4/self-managed/platform-deployment/helm-kubernetes/guides/connect-to-an-oidc-provider.md +++ b/versioned_docs/version-8.4/self-managed/platform-deployment/helm-kubernetes/guides/connect-to-an-oidc-provider.md @@ -184,6 +184,9 @@ global: ### Additional considerations +Due to technical limitations regarding [third party content](https://openid.net/specs/openid-connect-frontchannel-1_0.html#ThirdPartyContent), +front channel single sign out is not supported. This means that when a user logs out of one component, they will not be logged out of the other components. + For authentication, the Camunda components use the scopes `email`, `openid`, `offline_access`, `profile`, and `/.default`. To ensure your users are able to successfully authenticate with Entra ID, you must ensure that either there is
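Review bot: In PATCH 1/2 (hunk `@@ -197,6 +197,9` in `docs/self-managed/.../connect-to-an-oidc-provider.md`), the added sentence "they will not be logged out of the other components" names the limitation but stops short of the consequence a reader needs: sessions in the other components remain active after a logout from one of them. Suggest stating that explicitly and telling the reader what to do about it, for example that users must log out of each component separately. "Due to technical limitations regarding third party content" is also vague; the linked spec section concerns browsers blocking third-party content, which the front-channel logout iframes depend on, so say that directly and hyphenate "third-party".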
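Review bot: In PATCH 2/2 (hunk `@@ -184,6 +184,9` in `versioned_docs/version-8.4/.../connect-to-an-oidc-provider.md`), the added text rules out only "front channel single sign out" and leaves open whether back-channel logout is available as an alternative; one sentence either way would keep readers from guessing. The wording is a verbatim copy of 1/2, so any rewording agreed there needs to be mirrored in this file. The term also differs from the linked specification, which calls this "front-channel logout"; using the spec's term makes the note easier to search for.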