diff --git a/docs/sso/single-sign-on.mdx b/docs/sso/single-sign-on.mdx
index 239a2f7..5da835e 100644
--- a/docs/sso/single-sign-on.mdx
+++ b/docs/sso/single-sign-on.mdx
@@ -31,6 +31,8 @@ Now, fill in the details in the SSO configuration form as specified in the pictu
 
 Now, you can configure the role mappings for the authenticated user based on the claims from the token payload. You can also choose the default role, which will be assigned to the user if none of the role mappings match.
 
+When Dynamic Role Mapping is enabled, user roles are synchronized with the 360 Portal each time the user logs in via SSO. If disabled, roles are only mapped during the user's initial SSO login to the 360 Portal.
+
 ![SSO role mappings](/img/sso/sso-role-mapping.png)
 
 ### OIDC configurations
diff --git a/static/img/sso/sso-role-mapping.png b/static/img/sso/sso-role-mapping.png
index 15f70fc..ad53935 100644
Binary files a/static/img/sso/sso-role-mapping.png and b/static/img/sso/sso-role-mapping.png differ