redhat-developer · hmanwani-rh · Feb 28, 2025 · Feb 17, 2025
diff --git a/modules/authentication/proc-enabling-authentication-with-rhbk.adoc b/modules/authentication/proc-enabling-authentication-with-rhbk.adoc
@@ -45,6 +45,7 @@ auth:
         metadataUrl: ${AUTH_OIDC_METADATA_URL}
         clientId: ${AUTH_OIDC_CLIENT_ID}
         clientSecret: ${AUTH_OIDC_CLIENT_SECRET}
+        prompt: auto
 signInPage: oidc
 ----
 
@@ -57,6 +58,13 @@ To configure the OIDC provider with your secrets.
 `sigInPage: oidc`::
 To enable the OIDC provider as default sign-in provider.
 
+`prompt: auto`::
+To allow the identity provider to automatically determine whether to prompt for credentials or bypass the login redirect if an active {rhsso} session exists.
+
+[NOTE]
+====
+If `prompt: auto` is not set, the identity provider defaults to `prompt: none`, which assumes that you are already logged in and rejects sign-in requests without an active session.
+====
 
 Optional: Consider adding the following optional fields:
 
@@ -78,6 +86,7 @@ auth:
         metadataUrl: ${AUTH_OIDC_METADATA_URL}
         clientId: ${AUTH_OIDC_CLIENT_ID}
         clientSecret: ${AUTH_OIDC_CLIENT_SECRET}
+        prompt: auto
 signInPage: oidc
 dangerouslyAllowSignInWithoutUserInCatalog: true
 ----
@@ -188,4 +197,3 @@ If multiple valid refresh tokens are issued due to frequent refresh token reques
 . Go to the {product-short} login page.
 . Your {product-short} sign-in page displays *Sign in using OIDC* and the Guest user sign-in is disabled.
 . Log in with OIDC by using the saved **Username** and **Password** values.
-