update idp docs

manage/identity-providers/add-an-idp.mdx

@@ -55,6 +55,10 @@ Integrate with Microsoft's enterprise identity platform to allow users to authen
 
 ## How to Add an Identity Provider
 
+<Note>
+In the CE and EE, identity providers are created and managed via the Server Admin UI rather than the organization settings.
+</Note>
+
 <Steps>
 <Step title="Navigate to Identity Providers">
   In the Pangolin organization, select the "Identity Providers" section in the sidebar.
@@ -79,8 +83,6 @@ Integrate with Microsoft's enterprise identity platform to allow users to authen
 </Step>
 </Steps>
 
-In the CE and EE, identity providers are created and managed via the Server Admin UI rather than the organization settings.
-
 ## Custom Login Page
 
 You can [configure a custom login page](/manage/access-control/login-page) for your organization to be served at a domain of your choice. The log in page for every resource will be served at this URL. Additionally, you can visit this url to log in to the organization itself to access the Pangolin dashboard. This is particularly useful for identity providers because it creates a place for your users to go to select the identity provider of choice to access the Pangolin dashboard.

manage/identity-providers/auto-provisioning.mdx

@@ -41,6 +41,11 @@ The expression will be matched against each organization. Meaning:
 ### Example: Role Selection 
 
 **Expression:**
+
+<Note>
+When entering in a string, JMESPatch requires it be surrounded by `'` (single quotes). See below:
+</Note>
+
 ```
 contains(groups, 'admin') && 'Admin' || 'Member'
 ```
@@ -68,7 +73,9 @@ This example will return the string "Admin". If the user is not a member of the
 
 ## Community Edition
 
-In the Community Edition, identity providers are managed at the server level and not the individual organization. This means you must define policies per organization to map users to specific organizations and roles within those organizations. After you create an IdP, on the edit page, you can manage organization policies via the "Organization Policies" tab. You can set default (fallback) policies, or define them on a per org basis.
+In the Community Edition, identity providers are managed at the server level and not the individual organization. This means you must define policies per organization to map users to specific organizations and roles within those organizations. 
+
+After you create an IdP, on the edit page, you can manage organization policies via the "Organization Policies" tab. You can set default (fallback) policies, or define them on a per org basis.
 
 ### How Organization Policies Are Evalutated
 
@@ -92,6 +99,10 @@ It is helpful to think of the auto provisioning process as follows:
 </Step>
 </Steps>
 
+### Selecting Roles
+
+See above examples.
+ 
 ### Selecting Organizations
 
 Use JMESPath to map attributes from the identity provider to organizations in Pangolin. See [JMESPath](https://jmespath.org/) for more information on how to use JMESPath.
@@ -133,6 +144,10 @@ This example will return true since the user is a member of the "home-lab" group
 
 ### Example 2: Fixed Organization
 
+<Note>
+When entering in a string, JMESPatch requires it be surrounded by `'` (single quotes). See below:
+</Note>
+
 **Expression:**
 ```
 'home-lab'