@@ -26,6 +26,7 @@ SAML SSO is not supported at the subgroup level.
...
@@ -26,6 +26,7 @@ SAML SSO is not supported at the subgroup level.
1. Configure your SAML server using the **Assertion consumer service URL**, **Identifier**, and **GitLab single sign-on URL**. Alternatively GitLab provides [metadata XML configuration](#metadata-configuration). See [specific identity provider documentation](#providers) for more details.
1. Configure your SAML server using the **Assertion consumer service URL**, **Identifier**, and **GitLab single sign-on URL**. Alternatively GitLab provides [metadata XML configuration](#metadata-configuration). See [specific identity provider documentation](#providers) for more details.
1. Configure the SAML response to include a NameID that uniquely identifies each user.
1. Configure the SAML response to include a NameID that uniquely identifies each user.
1. Configure [required assertions](group_managed_accounts.md#assertions) if using [Group Managed Accounts](group_managed_accounts.md).
1. Configure [required assertions](group_managed_accounts.md#assertions) if using [Group Managed Accounts](group_managed_accounts.md).
1. While the default is enabled for most SAML providers, please ensure the app is set to have [Service Provider](#glossary) initiated calls in order to link existing GitLab accounts.
1. Once the identity provider is set up, move on to [configuring GitLab](#configuring-gitlab).
1. Once the identity provider is set up, move on to [configuring GitLab](#configuring-gitlab).
![Issuer and callback for configuring SAML identity provider with GitLab.com](img/group_saml_configuration_information.png)
![Issuer and callback for configuring SAML identity provider with GitLab.com](img/group_saml_configuration_information.png)
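Review bot: the new step (the line beginning "While the default is enabled for most SAML providers") states the requirement without the reason, and the reason is what an administrator needs when the setting is off: only a Service Provider initiated login yields a `samlp:Response` that carries the `InResponseTo` attribute the SAML gem expects (see the troubleshooting text in this same change), so an IdP-initiated response cannot be matched to a request GitLab issued and the account link fails. Suggest saying that in one clause and tightening the wording, e.g. "Ensure the app is set to allow Service Provider initiated calls, so that the SAML response includes the `InResponseTo` attribute GitLab needs to link existing accounts." and linking the step to the troubleshooting section so the two explanations stay in sync.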
...
@@ -421,7 +422,7 @@ Ensure that the user who is trying to link their GitLab account has been added a
...
@@ -421,7 +422,7 @@ Ensure that the user who is trying to link their GitLab account has been added a
Alternatively, the SAML response may be missing the `InResponseTo` attribute in the
Alternatively, the SAML response may be missing the `InResponseTo` attribute in the
`samlp:Response` tag, which is [expected by the SAML gem](https://github.com/onelogin/ruby-saml/blob/9f710c5028b069bfab4b9e2b66891e0549765af5/lib/onelogin/ruby-saml/response.rb#L307-L316).
`samlp:Response` tag, which is [expected by the SAML gem](https://github.com/onelogin/ruby-saml/blob/9f710c5028b069bfab4b9e2b66891e0549765af5/lib/onelogin/ruby-saml/response.rb#L307-L316).
The [Identity Provider](#glossary) administrator should ensure that the login should be
The [Identity Provider](#glossary) administrator should ensure that the login is
initiated by the Service Provider (typically GitLab) and not the Identity Provider.
initiated by the Service Provider (typically GitLab) and not the Identity Provider.
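Review bot: the grammar fix ("should ensure that the login is initiated") is right, but the paragraph still leaves the reader to infer why Identity Provider initiated login causes the missing `InResponseTo` attribute; suggest making the causal link explicit in the preceding sentence, e.g. "`InResponseTo` is only set when the Service Provider started the login, so the Identity Provider administrator should ensure ...". Consider also pointing back to the configuration step added in the first hunk, since that is where the fix is applied.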