diff --git a/charts/centralidp/README.md b/charts/centralidp/README.md index 56425f1e..fca39800 100644 --- a/charts/centralidp/README.md +++ b/charts/centralidp/README.md 
@@ -91,7 +91,7 @@ dependencies: | keycloak.externalDatabase.existingSecretUserKey | string | `""` | | | keycloak.externalDatabase.existingSecretDatabaseKey | string | `""` | | | keycloak.externalDatabase.existingSecretPasswordKey | string | `""` | | -| realmSeeding | object | `{"bpn":"BPNL00000003CRHK","clients":{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}},"enabled":true,"extraServiceAccounts":{"clientSecretsAndBpn":[],"existingSecret":""},"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.2","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.2","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"850M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"850M"}},"serviceAccounts":{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-c
l22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""},"sharedidp":"https://sharedidp.example.org","sslRequired":"external"}` | Seeding job to create and update the CX-Central realm: besides creating the CX-Central realm, the job can be used to update the configuration of the realm when upgrading to a new version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. | +| realmSeeding | object | `{"bpn":"BPNL00000003CRHK","clients":{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}},"enabled":true,"extraServiceAccounts":{"clientSecretsAndBpn":[],"existingSecret":""},"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.2","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.2","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"850M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"850M"}},"serviceAccounts":{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""}
,{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""},"sharedidp":"https://sharedidp.example.org","sslRequired":"external"}` | Seeding job to create and update the CX-Central realm: besides creating the CX-Central realm, the job can be used to update the configuration of the realm when upgrading to a new version; Please refer to /docs/admin/technical-documentation/14. Realm Seeding.md for more details. Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. | | realmSeeding.clients | object | `{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}}` | Set redirect addresses and - in the case of confidential clients - clients secrets for clients which are part of the basic CX-Central realm setup; SET client secrets for all non-testing and non-local purposes, default value is autogenerated. 
| | realmSeeding.clients.existingSecret | string | `""` | Option to provide an existingSecret for the clients with clientId as key and clientSecret as value. | | realmSeeding.serviceAccounts | object | `{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""}` | Client secrets for service accounts which are part of the basic CX-Central realm setup; SET client secrets for all non-testing and non-local purposes, default value is autogenerated. | 
@@ -111,6 +111,17 @@ Please see notes at [Values.seeding](values.yaml#L153) for upgrading the configu ### To 4.0.0 This major changes from the Keycloak version from 23.0.7 to 25.0.6. + +Please be aware that proxy parameter was deprecated and therefore removed. When enabling the production mode, it is to be expected to encounter the following error at install if none of the conditions listed [here](https://github.com/bitnami/charts/blob/eb2b3bdd8612a754c1b7e28237e9a32f6661eaab/bitnami/keycloak/templates/_helpers.tpl#L343) are met: + +` +Error: INSTALLATION FAILED: execution error at (centralidp/charts/keycloak/templates/NOTES.txt:100:4): +VALUES VALIDATION: +keycloak: production + In order to enable Production mode, you also need to enable HTTPS/TLS + using the value 'tls.enabled' and providing an existing secret containing the Keystore and Trustore. +` + No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) - is recommended. ### To 3.0.1 diff --git a/charts/centralidp/README.md.gotmpl b/charts/centralidp/README.md.gotmpl index b449d0a4..37f937f8 100644 --- a/charts/centralidp/README.md.gotmpl +++ b/charts/centralidp/README.md.gotmpl 
@@ -45,6 +45,17 @@ Please see notes at [Values.seeding](values.yaml#L153) for upgrading the configu ### To 4.0.0 This major changes from the Keycloak version from 23.0.7 to 25.0.6. + +Please be aware that proxy parameter was deprecated and therefore removed. When enabling the production mode, it is to be expected to encounter the following error at install if none of the conditions listed [here](https://github.com/bitnami/charts/blob/eb2b3bdd8612a754c1b7e28237e9a32f6661eaab/bitnami/keycloak/templates/_helpers.tpl#L343) are met: + +` +Error: INSTALLATION FAILED: execution error at (centralidp/charts/keycloak/templates/NOTES.txt:100:4): +VALUES VALIDATION: +keycloak: production + In order to enable Production mode, you also need to enable HTTPS/TLS + using the value 'tls.enabled' and providing an existing secret containing the Keystore and Trustore. +` + No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) - is recommended. ### To 3.0.1 diff --git a/charts/centralidp/values.yaml b/charts/centralidp/values.yaml index 5cc9ae4d..e1092132 100644 --- a/charts/centralidp/values.yaml +++ b/charts/centralidp/values.yaml @@ -132,6 +132,7 @@ keycloak: # -- Seeding job to create and update the CX-Central realm: # besides creating the CX-Central realm, the job can be used to update # the configuration of the realm when upgrading to a new version; +# Please refer to /docs/admin/technical-documentation/14. Realm Seeding.md for more details. # Please also refer to the 'Post-Upgrade Configuration' section in the README.md # for configuration possibly not covered by the seeding job. realmSeeding: diff --git a/charts/sharedidp/README.md b/charts/sharedidp/README.md index 7a900a83..6e2286c7 100644 --- a/charts/sharedidp/README.md +++ b/charts/sharedidp/README.md 
@@ -97,7 +97,7 @@ dependencies: | keycloak.externalDatabase.existingSecretUserKey | string | `""` | | | keycloak.externalDatabase.existingSecretDatabaseKey | string | `""` | | | keycloak.externalDatabase.existingSecretPasswordKey | string | `""` | | -| realmSeeding | object | `{"enabled":true,"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.2","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.2","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"realms":{"cxOperator":{"centralidp":"https://centralidp.example.org","existingSecret":"","initialUser":{"eMail":"cx-operator@tx.org","firstName":"Operator","lastName":"CX Admin","password":"","username":"cx-operator@tx.org"},"mailing":{"from":"email@example.org","host":"smtp.example.org","password":"","port":"123","replyTo":"email@example.org","username":"smtp-user"},"sslRequired":"external"},"master":{"existingSecret":"","serviceAccounts":{"provisioning":{"clientSecret":""},"saCxOperator":{"clientSecret":""}}}},"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"700M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"700M"}}}` | Seeding job to create and update the CX-Operator and master realms: besides creating those realm, the job can be used to update the configuration of the realms when upgrading to a new version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. 
| +| realmSeeding | object | `{"enabled":true,"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.2","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.2","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"realms":{"cxOperator":{"centralidp":"https://centralidp.example.org","existingSecret":"","initialUser":{"eMail":"cx-operator@tx.org","firstName":"Operator","lastName":"CX Admin","password":"","username":"cx-operator@tx.org"},"mailing":{"from":"email@example.org","host":"smtp.example.org","password":"","port":"123","replyTo":"email@example.org","username":"smtp-user"},"sslRequired":"external"},"master":{"existingSecret":"","serviceAccounts":{"provisioning":{"clientSecret":""},"saCxOperator":{"clientSecret":""}}}},"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"700M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"700M"}}}` | Seeding job to create and update the CX-Operator and master realms: besides creating those realm, the job can be used to update the configuration of the realms when upgrading to a new version; Please refer to /docs/admin/technical-documentation/14. Realm Seeding.md for more details. Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. | | realmSeeding.realms.cxOperator.centralidp | string | `"https://centralidp.example.org"` | Set centralidp address for the connection to the CX-Central realm. | | realmSeeding.realms.cxOperator.initialUser | object | `{"eMail":"cx-operator@tx.org","firstName":"Operator","lastName":"CX Admin","password":"","username":"cx-operator@tx.org"}` | Configure initial user in CX-Operator realm. | | realmSeeding.realms.cxOperator.initialUser.username | string | `"cx-operator@tx.org"` | SET username for all non-testing and non-local purposes. | 
@@ -118,6 +118,17 @@ Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) ### To 4.0.0 This major changes from the Keycloak version from 23.0.7 to 25.0.6. + +Please be aware that proxy parameter was deprecated and therefore removed. When enabling the production mode, it is to be expected to encounter the following error at install if none of the conditions listed [here](https://github.com/bitnami/charts/blob/eb2b3bdd8612a754c1b7e28237e9a32f6661eaab/bitnami/keycloak/templates/_helpers.tpl#L343) are met: + +` +Error: INSTALLATION FAILED: execution error at (sharedidp/charts/keycloak/templates/NOTES.txt:100:4): +VALUES VALIDATION: +keycloak: production + In order to enable Production mode, you also need to enable HTTPS/TLS + using the value 'tls.enabled' and providing an existing secret containing the Keystore and Trustore. +` + No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) - is recommended. ### To 3.0.1 diff --git a/charts/sharedidp/README.md.gotmpl b/charts/sharedidp/README.md.gotmpl index 78cd5c76..3165b3f8 100644 --- a/charts/sharedidp/README.md.gotmpl +++ b/charts/sharedidp/README.md.gotmpl 
@@ -43,6 +43,17 @@ Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) ### To 4.0.0 This major changes from the Keycloak version from 23.0.7 to 25.0.6. + +Please be aware that proxy parameter was deprecated and therefore removed. When enabling the production mode, it is to be expected to encounter the following error at install if none of the conditions listed [here](https://github.com/bitnami/charts/blob/eb2b3bdd8612a754c1b7e28237e9a32f6661eaab/bitnami/keycloak/templates/_helpers.tpl#L343) are met: + +` +Error: INSTALLATION FAILED: execution error at (sharedidp/charts/keycloak/templates/NOTES.txt:100:4): +VALUES VALIDATION: +keycloak: production + In order to enable Production mode, you also need to enable HTTPS/TLS + using the value 'tls.enabled' and providing an existing secret containing the Keystore and Trustore. +` + No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) - is recommended. ### To 3.0.1 diff --git a/charts/sharedidp/values.yaml b/charts/sharedidp/values.yaml index 0f6e16d5..d0a42bdb 100644 --- a/charts/sharedidp/values.yaml +++ b/charts/sharedidp/values.yaml @@ -140,6 +140,7 @@ keycloak: # -- Seeding job to create and update the CX-Operator and master realms: # besides creating those realm, the job can be used to update # the configuration of the realms when upgrading to a new version; +# Please refer to /docs/admin/technical-documentation/14. Realm Seeding.md for more details. # Please also refer to the 'Post-Upgrade Configuration' section in the README.md # for configuration possibly not covered by the seeding job. realmSeeding: 
diff --git a/docs/admin/technical-documentation/00. External Identity Provider.md b/docs/admin/technical-documentation/01. External Identity Provider.md similarity index 100% rename from docs/admin/technical-documentation/00. External Identity Provider.md rename to docs/admin/technical-documentation/01. External Identity Provider.md diff --git a/docs/admin/technical-documentation/03. Clients.md b/docs/admin/technical-documentation/03. Clients.md index 4a682c59..c72aa23c 100644 --- a/docs/admin/technical-documentation/03. Clients.md +++ b/docs/admin/technical-documentation/03. Clients.md @@ -21,7 +21,7 @@ Manual creation of clients is not part of the concept, all realm administration ## Initial Clients and Service Accounts -During the [import of the realms](/import/realm-config/) at startup, the relevant clients and service accounts are seeded: +During the [seeding of the realms](/import/realm-config/) after install and upgrade, the relevant clients and service accounts are added: | **Instance** | **Client Type** | **Description** | **Client ID** | |--------------|-----------------|-----------------|---------------| diff --git a/docs/admin/technical-documentation/11. FAQ.md b/docs/admin/technical-documentation/11. FAQ.md index aa61a58f..73d1b726 100644 --- a/docs/admin/technical-documentation/11. FAQ.md +++ b/docs/admin/technical-documentation/11. FAQ.md 
@@ -79,7 +79,7 @@ To transform the created "role" to an actual role, since currently its a single 3. Update keycloak base image -The [CX-Central realm file](/import/realm-config/generic/catenax-central/CX-Central-realm.json) needs to be updated with role changes (export from Keycloak) to provide the configuration in the init container for the realm import and seeding. +The [CX-Central realm file](/import/realm-config/generic/catenax-central/CX-Central-realm.json) needs to be updated with role changes (export from Keycloak) to provide the configuration in the init container for the realm seeding. 4. Update documentation @@ -130,7 +130,7 @@ For the scenario of sql, the relevant sql can get found below: 3. Update Keycloak base image -The [CX-Central realm file](/import/realm-config/generic/catenax-central/CX-Central-realm.json) needs to be updated with role changes (export from Keycloak) to provide the configuration in the init container for the realm import and seeding. +The [CX-Central realm file](/import/realm-config/generic/catenax-central/CX-Central-realm.json) needs to be updated with role changes (export from Keycloak) to provide the configuration in the init container for the realm seeding. 4. Update documentation diff --git a/docs/admin/technical-documentation/14. Realm Seeding.md b/docs/admin/technical-documentation/14. Realm Seeding.md new file mode 100644 index 00000000..4981d9d1 --- /dev/null +++ b/docs/admin/technical-documentation/14. Realm Seeding.md 
@@ -0,0 +1,27 @@
+# Seeding of custom realms
+
+To add the custom realms to the centralidp and sharedidp instances maintained in the [import/realm-config directory](/import/realm-config/), a seeding job written in dotnet and executed as part of Kubernetes jobs.
+
+The seeding job itself is currently is maintained in the portal-backend repository, but it's planned to move it this repository (see [sig-release#855](https://github.com/eclipse-tractusx/sig-release/issues/855)).
+
+The job is highly configurable, for instance environment specific URLs and client secrets can be seeded, please see [Keycloak.Seeding/README.md](https://github.com/eclipse-tractusx/portal-backend/blob/v4.0.0-iam/src/keycloak/Keycloak.Seeding/README.md) for more details.
+
+It is used to seed - initially and at upgrade:
+
+- the CX-Central realm into centralidp and
+- the CX-Operator realm into sharedidp,
+
+for the master realm in sharedidp it also seeds two service accounts as well as the entities connected to those (users and and `cx-admin`role). For the detailed configuration please see:
+
+- [seeding job for centralidp](/charts/centralidp/templates/job-seeding.yaml) and
+- [seeding job for sharedidp](/charts/sharedidp/templates/job-seeding.yaml)
+
+As well as the configuration in the values.yaml files under `Values.realmSeeding`.
+
+## NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- SPDX-FileCopyrightText: 2024 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/portal-
diff --git a/docs/admin/technical-documentation/01. Introduction.md b/docs/admin/technical-documentation/README.md
similarity index 86%
rename from docs/admin/technical-documentation/01. Introduction.md
rename to docs/admin/technical-documentation/README.md
index 272a9a27..4878f78f 100644
--- a/docs/admin/technical-documentation/01. Introduction.md
+++ b/docs/admin/technical-documentation/README.md @@ -6,8 +6,8 @@ Authentication Flow - User login to Catena-X ![AuthenticationFlow](/docs/static/authentication-flow.png) -\*(Schatten-) User: The „Schatten-User“ (shadow user) is defined as an empty User frame holding limited information. The actual user is managed in the respective Identity Provider. -The Schatten-User are always federated identities +\*(Schatten-) User: The „Schatten-User“ (shadow user) is defined as an empty User frame holding limited information. The actual user is managed in the respective Identity Provider. +The shadow users are always federated identities. ## Authentication Protocol - OpenID Connect (OIDC)