From 1ff9c3a89103c54207d1447109c65817f6b9aebb Mon Sep 17 00:00:00 2001 From: John Blackwell Date: Tue, 7 Jan 2025 15:42:02 -0500 Subject: [PATCH 1/2] clarify adding users to RBAC group --- pages/how-to/set-up/rbac.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/how-to/set-up/rbac.md b/pages/how-to/set-up/rbac.md index 859578d8..5ca5b03e 100644 --- a/pages/how-to/set-up/rbac.md +++ b/pages/how-to/set-up/rbac.md @@ -51,7 +51,7 @@ subjects: name: michael@example.com ``` -To add the specific user `michael@example.com` identified by that email to the RBAC rules. +To add the specific user `michael@example.com` identified by that email to the RBAC rules. For the purposes of this tutorial you will need to manually add the user to the Group created above by navigating to Settings > User Managment > Groups going to https://{you-console-instance}/settings/user-management/groups. Find the Edit Members tab in the group and add your member. ## Define a GlobalService to sync the rbac fleet-wide From a709f295e6ecdf3e6f76ca3b6d7d6255ae566a55 Mon Sep 17 00:00:00 2001 From: John Blackwell Date: Fri, 17 Jan 2025 15:59:04 -0500 Subject: [PATCH 2/2] use callout --- pages/how-to/set-up/rbac.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pages/how-to/set-up/rbac.md b/pages/how-to/set-up/rbac.md index 5ca5b03e..eb102323 100644 --- a/pages/how-to/set-up/rbac.md +++ b/pages/how-to/set-up/rbac.md 
@@ -28,8 +28,12 @@ subjects: name: sre ``` +{% callout severity="info" %} This role references the `sre` group in the Plural Console, which you can also configure to sync with your upstream identity provider or SSO. For the purposes of the walkthrough, you can also manually create that group by navigating to Settings > User Management > Groups or going to https://{you-console-instance}/settings/user-management/groups +For the purposes of this tutorial you will need to manually add user(s) to the Group created above by navigating to Settings > User Managment > Groups going to https://{you-console-instance}/settings/user-management/groups. Find the Edit Members tab in the group and add your member(s). +{% /callout %} + {% callout severity="info" %} Plural uses a Kubernetes concept called [Impersonation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation) to authenticate into an end cluster's API server with an identity that looks exactly like the current users' Plural Console identity. The primary benefit of this is it allows you to mirror your SSO straight into kubernetes itself, rather than deal with cloud-specific authorization complexity. {% /callout %} @@ -51,7 +55,7 @@ subjects: name: michael@example.com ``` -To add the specific user `michael@example.com` identified by that email to the RBAC rules. For the purposes of this tutorial you will need to manually add the user to the Group created above by navigating to Settings > User Managment > Groups going to https://{you-console-instance}/settings/user-management/groups. Find the Edit Members tab in the group and add your member. +To add the specific user `michael@example.com` identified by that email to the RBAC rules. ## Define a GlobalService to sync the rbac fleet-wide
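Review bot: In PATCH 1/2, the hunk at `@@ -51,7 +51,7` attaches the group-membership instruction to the example that adds the specific user `michael@example.com` by email, so "the Group created above" reads as a requirement of a binding that names a user rather than a group. The instruction belongs beside the `sre` group text earlier in the page. The added sentence also needs "User Managment" corrected to "User Management" and an "or" before "going to https://...", and the `{you-console-instance}` placeholder looks like it was meant to be `{your-console-instance}`.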
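Review bot: In PATCH 2/2, the added "For the purposes of this tutorial..." line in the hunk at `@@ -28,8 +28,12` sits directly under the existing "This role references the `sre` group..." paragraph with no blank line between them, so Markdown will render the two as one run-on paragraph inside the callout. It also repeats the navigation path and URL that the preceding sentence already gives. Consider folding both into one sentence that gives the path once and ends with the Edit Members step, and fix "User Managment" and the missing "or" before "going to" at the same time. Since the page goes on to sync this RBAC fleet-wide, it may also be worth saying here that only the users who should hold the role belong in the group.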
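Review bot: In PATCH 2/2, the hunk at `@@ -51,7 +55,7` restores "To add the specific user `michael@example.com` identified by that email to the RBAC rules.", which is a fragment with no main clause, so a reader cannot tell whether it describes the YAML above it or introduces another step. Since this line is already being edited, reword it as a complete sentence, for example "The binding above adds the specific user `michael@example.com`, identified by that email, to the RBAC rules.", if that is the intended meaning.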