diff --git a/SSO-Authentication.md b/SSO-Authentication.md
index 9336970..53a323b 100644
--- a/SSO-Authentication.md
+++ b/SSO-Authentication.md
@@ -114,13 +114,14 @@ To link a user to SSO add a new `credentials` entry:
     credentials:
     ... 
 +   - type: sso
++     provider: azure
 +     email: c.wilde@acme.in
 +   require:
 +     http: [sso]
 +     ssh: [web]
 ```
 
-Here, we've also set SSO to be the only required login credential for HTTP auth, and have set SSH to use out-of-band web authentication.
+Here, we've also set SSO to be the only required login credential for HTTP auth, and have set SSH to use out-of-band web authentication. You can omit the `provider` key if there's only one provider, or if you don't care which provider confirms the user's e-mail.
 
 > `web` (OOB web authentication) means that Warpgate will send a login link to the SSH client and will wait for the user to authenticate themselves in a browser. The auth requirements will be the same as set for the `http` protocol.