Update onpremise-kubernetes.md

docs/organization-integration/onpremise-kubernetes.md

@@ -201,20 +201,17 @@ and Helm chart `values.yaml` contain the details for each secret.
 
 ## (D) Identity provider
 
-The on-premise version of Sigrid only supports single-sign-on (SSO); it does not maintain users 
-by itself. Hence, a connection to an identity provider (IdP) is mandatory and needs to be 
-configured in the Helm chart.
-
-The only supported protocol is OpenID Connect and consequently, it is best if an IdP compatible 
-with OpenID Connect is available (e.g., [Okta](https://www.okta.com) or [Auth0](https://auth0.com)). 
-While [Microsoft Entra](https://www.microsoft.com/en-us/security/business/microsoft-entra)
-also supports OpenID Connect, it is currently not possible to connect to Microsoft Entra directly. 
-Instead, a bridge needs to be used, such as [Keycloak](https://www.keycloak.org) or
-[Dex](https://dexidp.io). The latter is provided by Sigrid's Helm chart as an option.
+The on-premise version of Sigrid only supports single-sign-on (SSO); it does not maintain users by itself.
+Therefore, a connection to an identity provider (IdP) is mandatory and needs to be configured in the Helm chart.
+
+The only supported protocol for directly connecting to Sigrid is OpenID Connect.
+Consequently, it is best if an IdP compatible with OpenID Connect is available (e.g., [Okta](https://www.okta.com), 
+[Microsoft Entra](https://www.microsoft.com/en-us/security/business/microsoft-entra), or [Auth0](https://auth0.com)).
+[SIG's documentation](usermanagement.md#2-using-single-sign-on-sso-with-an-identity-provider-idp) largely applies with exception of the redirect URI.
 
-Note that for on-premise deployments, using SAML is only possible via a bridge such as [Dex]
-(https://dexidp.io). Consequently, [SIG's documentation](usermanagement.md#2-using-single-sign-on-sso-with-an-identity-provider-idp) for connecting hosted Sigrid to an IdP 
-does not apply.
+Note that for on-premise deployments, using LDAP or SAML is only possible via a bridge such as [Keycloak](https://www.keycloak.org) or
+[Dex](https://dexidp.io). The latter is provided by Sigrid's Helm chart as an option.
+Therefore, [SIG's documentation](usermanagement.md#2-using-single-sign-on-sso-with-an-identity-provider-idp) for connecting hosted Sigrid to an IdP does not apply.
 
 Configuring an identity provider (IdP) is a two-step process:
 1. Register an OpenID Connect client in the IdP.
@@ -233,7 +230,8 @@ Sigrid will be hosted and configured as described in Section B in this document.
 Registering an OpenID Connect client/app results in a client ID and client secret, which are 
 generated by the IdP. We'll need those in the next step.
 
-Note that many IdPs allow configuration of the information provided to clients in the OIDC identity token. Sigrid expects that this token reveals the email address, first name and last name of the user.
+Please note that many identity providers (IdPs) allow customization of the information included in the OpenID Connect (OIDC) identity token. Sigrid requires that this token contains the user's email address, first name, and last name.
+If you are utilizing Dex as your IdP bridge, the redirect URI should be set to `https://YOUR-DOMAIN.COM/dex/oauth2/callback`.
 
 #### Step 2: Configure the client in Sigrid's Helm chart