diff --git a/modules/ROOT/images/organizationsettings.png b/modules/ROOT/images/organizationsettings.png
new file mode 100644
index 00000000..5c0eaba7
Binary files /dev/null and b/modules/ROOT/images/organizationsettings.png differ
diff --git a/modules/ROOT/pages/platform/security/single-sign-on.adoc b/modules/ROOT/pages/platform/security/single-sign-on.adoc
index f8cc216d..d3a1e524 100644
--- a/modules/ROOT/pages/platform/security/single-sign-on.adoc
+++ b/modules/ROOT/pages/platform/security/single-sign-on.adoc
@@ -177,13 +177,25 @@ Accessing Aura with SSO requires:
 * Authorization Code Flow
 * A publicly accessible IdP server
 
-To configure SSO, go to *Aura Console > Settings > SSO Configuration.*
-
 To create an SSO Configuration either a Discovery URI or a combination of Issuer, Authorization Endpoint, Token Endpoint and JWKS URI is required.
 
+== Create a new SSO configuration
+
+From the *Organization settings*, go to *Single Sign-On* and use the *SSO Configuration* button to set up a new SSO configuration.
+
+.Organization settings
+[.shadow]
+image::organizationsettings.png[A screenshot of how to navigate to organization settings in the UI]
+
+The checkboxes *Use as a log in for the Organization* and *Use as login method for instances with projects in this Org* define whether SSO should be only on Organization level, only on Project level, or both.
+
+The required basic SSO configuration information can be retrieved from the IdP.
+Entering the Discovery URI pre-fills the fields below. 
+If this is not known these fields can be completed manually.
+
 .SSO configuration
 [.shadow]
-image::sso.png[sso,640,480]
+image::sso.png[A screenshot of the SSO configuration dialogue,640,480]
 
 == Individual instance level SSO configurations available from Support