keycloak-memoizeit

Added docs about sync of users

8/25/2014 12:17:32 PM


diff --git a/docbook/reference/en/en-US/modules/user-federation.xml b/docbook/reference/en/en-US/modules/user-federation.xml
index 9941a8d..b08a58b 100755
--- a/docbook/reference/en/en-US/modules/user-federation.xml
+++ b/docbook/reference/en/en-US/modules/user-federation.xml
@@ -101,7 +101,8 @@
                         <term>Other options</term>
                         <listitem>
                             <para>
-                                The rest of the configuration options should be self explanatory.
+                                The rest of the configuration options should be self explanatory. You can use tooltips in admin console
+                                to see some more details about them.
                             </para>
                         </listitem>
                     </varlistentry>
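Review bot: the sentence added on the two `+` lines of this hunk is missing articles and should be one sentence rather than a line break mid-clause; suggest "The rest of the configuration options should be self explanatory. The tooltips in the admin console give more details about each of them." Since this varlistentry sits inside the description of the federation provider configuration, it would also help to say the tooltips are on that provider's configuration page, so the reader knows where to hover.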
@@ -110,6 +111,46 @@
         </section>
     </section>
     <section>
+        <title>Sync of LDAP users to Keycloak</title>
+        <para>
+            LDAP Federation Provider will automatically take care of synchronization (import) of needed LDAP users into Keycloak database.
+            For example once you first authenticate LDAP user <literal>john</literal> from Keycloak UI, LDAP Federation provider will
+            first import this LDAP user into Keycloak database and then authenticate against LDAP password.
+        </para>
+        <para>
+            Thing is that Federation Provider import just requested users by default, so if you click to <literal>View all users</literal>
+            in Keycloak admin console, you will see just those LDAP users, which were already authenticated/requested by Keycloak.
+        </para>
+        <para>If you want to sync all LDAP users into Keycloak database, you may configure and enable Sync, which is in
+            admin console on same page like the configuration of Federation provider itself. There are 2 types of sync:
+            <variablelist>
+                <varlistentry>
+                    <term>Full sync</term>
+                    <listitem>
+                        <para>
+                            This will synchronize all LDAP users into Keycloak DB. Those LDAP users, which already exist in Keycloak and were
+                            changed in LDAP directly will be updated in Keycloak DB (For example if user <literal>Mary Kelly</literal> was changed in LDAP to <literal>Mary Doe</literal>).
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>Changed users sync</term>
+                    <listitem>
+                        <para>
+                            This will check LDAP and it will sync into Keycloak just those users, which were created or updated in LDAP from the time of last sync.
+                        </para>
+                    </listitem>
+                </varlistentry>
+            </variablelist>
+        </para>
+        <para>
+            In usual cases you may want to trigger full sync at the beginning, so you will import all LDAP users to Keycloak just once. Then you may setup
+            periodic sync of changed users, so Keycloak will periodically ask LDAP server for newly created or updated users and backport them to Keycloak DB.
+            Also you may want to trigger full sync again after some longer time or setup periodic full sync as well.
+        </para>
+        <para>In admin console, you can trigger sync directly or you can enable periodic changed or full sync.</para>
+    </section>
+    <section>
         <title>Writing your own User Federation Provider</title>
         <para>
             The keycloak examples directory contains an example of a simple User Federation Provider backed by
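Review bot: the new "Sync of LDAP users to Keycloak" section never says what happens to users that were deleted in LDAP. "Full sync" is described as importing all LDAP users and updating those "changed in LDAP directly", and "Changed users sync" covers only users "created or updated in LDAP from the time of last sync", so a reader enabling periodic sync cannot tell whether a user removed from LDAP stays in the Keycloak DB (and keeps showing up under "View all users") or is removed as well; please add a sentence stating the actual behaviour for both sync types. Wording fixes in the same hunk: "Thing is that Federation Provider import just requested users by default" should read "By default the federation provider imports only the users that are requested, so ..."; "first import this LDAP user into Keycloak database and then authenticate against LDAP password" is clearer as "first import this LDAP user into the Keycloak database and then verify the password against LDAP"; and "backport them to Keycloak DB" uses the wrong word, it should be "import them into the Keycloak DB". Articles are missing throughout ("in admin console", "on same page like the configuration"), and "2 types of sync" should be spelled out as "two types of sync" to match the rest of the guide.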