diff --git a/docs/authentication/enterprise-connections/overview.mdx b/docs/authentication/enterprise-connections/overview.mdx index db77f71d6a..d4b01372f0 100644 --- a/docs/authentication/enterprise-connections/overview.mdx +++ b/docs/authentication/enterprise-connections/overview.mdx @@ -24,6 +24,15 @@ To configure subdomains for a SAML connection: > [!NOTE] > To enable the **Allow subdomains** option, your SAML connection domain must be an [eTLD+1](https://developer.mozilla.org/en-US/docs/Glossary/eTLD). +#### Native applications + +Clerk ensures that security critical nonces are passed only to allowlisted URLs when the SAML flow is completed in native browsers or webviews. For maximum security in your **production** instances, you need to allowlist your custom redirect URLs via the [Clerk Dashboard](https://dashboard.clerk.com/) or the [Clerk Backend API](/docs/references/backend/redirect-urls/create-redirect-url). + +To allowlist a redirect URL via the Clerk Dashboard: + +1. In the Clerk Dashboard, navigate to the [**SSO connections**](https://dashboard.clerk.com/last-active?path=user-authentication/sso-connections) page. +1. Scroll to the **Allowlist for mobile OAuth/SAML redirect** section and add your redirect URLs. + ## OIDC Clerk supports Enterprise SSO via the OpenID Connect (OIDC) protocol, either through [EASIE](#easie) or by [integrating with any OIDC-compatible provider](/docs/authentication/enterprise-connections/oidc/custom-provider).
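Review bot: In the added "Native applications" paragraph, "For maximum security in your **production** instances, you need to allowlist your custom redirect URLs" mixes an optional framing ("for maximum security") with a mandatory one ("you need to"), so a reader cannot tell whether allowlisting is required or a recommended hardening step. The paragraph also does not say what happens to the SAML flow when the redirect URL is not on the allowlist, or whether development instances behave differently from production ones. Suggest stating the enforcement behaviour and the non-production default explicitly. Minor points: "security critical nonces" should be hyphenated as "security-critical nonces". The Dashboard section is named "Allowlist for mobile OAuth/SAML redirect", yet this `####` heading sits between the SAML subdomain note and `## OIDC`, so please confirm it nests under the intended SAML heading and say whether the same allowlist applies to OIDC/OAuth connections. The text offers the Backend API as an alternative but gives steps only for the Dashboard, so a one-line pointer to what the API call needs would round it out.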