diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md
index 3d20c4f283..c2249d7dfb 100644
--- a/docs/operator-manual/ingress.md
+++ b/docs/operator-manual/ingress.md
@@ -58,6 +58,10 @@ metadata:
     kubernetes.io/ingress.class: nginx
     kubernetes.io/tls-acme: "true"
     nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    # If you encounter a redirect loop or are getting a 307 response code 
+    # then you need to force the nginx ingress to connect to the backend using HTTPS.
+    #
+    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 spec:
   rules:
   - host: argocd.example.com
diff --git a/docs/operator-manual/sso/index.md b/docs/operator-manual/sso/index.md
index 867f793d6b..76d5fa7f62 100644
--- a/docs/operator-manual/sso/index.md
+++ b/docs/operator-manual/sso/index.md
@@ -116,6 +116,10 @@ data:
     cliClientID: vvvvwwwwxxxxyyyyzzzz
 ```
 
+!!! note
+    The callback address should be the /auth/callback endpoint of your Argo CD URL 
+    (e.g. https://argocd.example.com/auth/callback).
+
 ### Requesting additional ID token claims
 
 Not all OIDC providers support a special `groups` scope. E.g. Okta, OneLogin and Microsoft do support a special