rework the SSO doc a bit and add images

docs/administration-guide/10-single-sign-on.md

-## Single Sign-On with Google
+## Authenticating with Google Sign-In or LDAP
 
-Enabling single sign-on lets your team log in with a click instead of using email and password and can optionally let them sign up for Metabase accounts without an admin having to create them first.
+Enabling Google Sign-In or LDAP lets your team log in with a click instead of using email and password, and can optionally let them sign up for Metabase accounts without an admin having to create them first. You can find these options in the Settings section of the Admin Panel, under Authentication.
 
-Currently Metabase works with Google accounts for single sign-on. As time goes on we may add other auth providers. If you have a service you’d like to see work with Metabase please let us know by [filing an issue](http://github.com/metabase/metabase/issues/new).
+![Authentication](./images/authentication.png)
 
-### Enabling Sign in
+As time goes on we may add other auth providers. If you have a service you’d like to see work with Metabase please let us know by [filing an issue](http://github.com/metabase/metabase/issues/new).
+
+### Enabling Google Sign-In
 
 To let your team start signing in with Google you’ll first need to create an application through Google’s [developer console](https://console.developers.google.com/projectselector/apis/library).
 
@@ -16,13 +18,24 @@ Once you have your client_id, copy and paste it into the box on the Single Sign-
 
 Now existing Metabase users signed into a Google account that matches their Metabase account email can sign in with just a click.
 
-###  Enabling Sign up
+###  Enabling account creation with Google Sign-In
+
+If you’ve added your Google client ID to your Metabase settings you can also let users sign up on their own without creating accounts for them.
+
+To enable this, go to the Google Sign-In configuration page, and specify the email domain you want to allow. For example, if you work at WidgetCo you could enter `widgetco.com` in the field to let anyone with a company email sign up on their own.
+
+Note: Metabase accounts created with Google Sign-In do not have passwords and must use Google to sign in to Metabase.
+
+
+### Enabling LDAP authentication
+
+Click the `Configure` button in the LDAP section of the Authentication page, and you'll see this form:
 
-If you’ve added your Google client id to your Metabase settings you can also let users sign up on their own without creating accounts for them.
+![Authentication](./images/ldap-form.png)
 
-To enable this, check the box on the Single Sign-On Admin Settings page and specify the email domain you want to allow. For example if you work at WidgetCo you could enter widgetco.com in the field to let anyone with a company email sign up on their own.
+Click the toggle at the top of the form to enable LDAP, then fill in the form with the information about your LDAP server.
 
-Note: Metabase accounts created with Single Sign-On do not have passwords and must use Google to sign in to Metabase.
+(@sameer to put more detailed info here)
 
 
 ---

docs/administration-guide/start.md

@@ -13,7 +13,7 @@ Are you in charge of managing Metabase for your organization? Then you're in the
 * [Creating segments and metrics](07-segments-and-metrics.md)
 * [Configuring settings](08-configuration-settings.md)
 * [Setting up Slack integration](09-setting-up-slack.md)
-* [Enabling single sign-on with Google](10-single-sign-on.md)
+* [Authenticating with Google Sign-In or LDAP](10-single-sign-on.md)
 * [Creating a Getting Started Guide for your team](11-getting-started-guide.md)
 * [Sharing dashboards and questions with public links](12-public-links.md)
 * [Embedding Metabase in other Applications](13-embedding.md)