When using User Federation in a RHSSO realm that is used for the Admin Portal, steps to configure a custom mapper should be provided as this is different from the documentation currently provide.

In the current (2.2) documentation for using SSO for the Admin Portal, the docs point to the Dev Portal RHSSO Configuration.

These instructions detail "Add Builtin" Mapper called "email verified". The problem is that this mapper will not work for User Federation, which is the approach most enterprises leverage. When User Federation is used, a hardcoded claim must be created with a token claim name "email_verified" and claim value set to "true".

At the very least the documentation should mention that 3Scale relies on RHSSO to sync on email_verified set to true. This can either be hardcoded as mentioned above - or perhaps the user federation can set that value. Either way, the docs should at least talk about this. Included is a screenshot of the hardcoded claim used for User Federation with ActiveDirectory.