diff --git a/docs/docs-content/clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md b/docs/docs-content/clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md new file mode 100644 index 0000000000..3fd36c99ab --- /dev/null +++ b/docs/docs-content/clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md 
@@ -0,0 +1,116 @@ +--- +sidebar_label: "Configure OIDC for a Virtual Cluster" +title: "Configure OIDC for a Virtual Cluster" +description: "Learn how to configure OIDC for Palette Virtual Clusters." +icon: "" +hide_table_of_contents: false +sidebar_position: 5 +tags: ["clusters", "cluster groups", "virtual clusters"] +--- + + +Enabling OpenID Connect (OIDC) Identity Provider (IDP) for Palette Virtual Clusters offers several benefits. First, it enables single sign-on, allowing you to log in once and access multiple virtual clusters without the need for separate authentication. Second, it facilitates centralized user management, making it easier to manage user accounts, permissions, and access control in a single location. Finally, OIDC integration allows for seamless integration with third-party identity providers, ensuring consistent authentication and authorization across the infrastructure. Overall, enabling OIDC enhances security, simplifies user management, and provides a seamless authentication experience for users accessing virtual clusters. + + +## Prerequisites + +- A healthy host cluster that you will use to create a cluster group. + +- A cluster group. Review [Create and Manage Cluster Groups](../../clusters/cluster-groups/create-cluster-group.md) for guidance. + +:::caution + +We recommend configuring a cluster group with OIDC *before* you create virtual clusters. This will ensure that OIDC information from the cluster group configuration is properly inserted in the kubeconfig file that is generated for the virtual cluster. + +::: + +- The OIDC issuer URL, OIDC client ID, and OIDC secret. You can obtain this information from your identity provider. + +- At a minimum, the `cluster.delete` permission to access the generated kubeconfig. For more information, check out [Kubeconfig files](../cluster-management/kubeconfig.md#kubeconfig-files). If you are deploying virtual clusters, you need the `clusterGroup.update` permission. 
+ +- [kubelogin](https://github.com/int128/kubelogin) installed. This is a kubectl plugin for Kubernetes OIDC authentication, also known as `kubectl oidc-login`. + + +## Configure OIDC + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + +2. Navigate to the left **Main Menu** and click on **Cluster Groups**. + + If a cluster group does not exist, you will need to create a host cluster and then create the cluster group. Refer to [Create and Manage Cluster Groups](../../clusters/cluster-groups/create-cluster-group.md) for guidance. + +3. Select the cluster group to which you will deploy a virtual cluster. + +4. In the **Host Clusters** tab that displays on the next page, click on **Settings**. + +5. In the slide panel that opens, select the **Settings** option. The cluster group YAML file displays. + +6. Locate the `vcluster.extraArgs` parameter section of the cluster group configuration file and uncomment the lines shown in the example. + +![Screenshot of the cluster group YAML showing oidc-related parameters to uncomment and update.](/clusters_palette-virtual-clusters_configure-vcluster-oidc.png) + +7. Update the `vcluster.extraArgs` section with your identity provider information. + + ```yaml + vcluster: + extraArgs: + - --kube-apiserver-arg=”oidc-issuer-url=" + - --kube-apiserver-arg="oidc-client-id=" + - --kube-apiserver-arg="oidc-username-claim=email" + - --kube-apiserver-arg="oidc-groups-claim=groups" + ``` + +8. If your identity provider requires a client secret, uncomment the `oidc-client-secret` parameter in the `clientConfig` section of cluster group YAML file, and add the client secret. + + ```yaml + clientConfig: + oidc-client-secret: secret-value + ``` + +9. From the **User Menu**, switch to *App Mode*. From the left **Main Menu**, click on **Virtual Clusters**. + +10. Deploy a virtual cluster to the cluster group that you configured with OIDC. 
For steps, review the [Deploy a Virtual Cluster](../palette-virtual-clusters/deploy-virtual-cluster.md#deploy-a-virtual-cluster) guide. + + :::info + + If the cluster group is part of a project, you can deploy a virtual cluster in *Cluster Mode*. From the **Main Menu**, click on **Cluster Groups** and select the **Virtual Clusters** tab. + + ::: + + When the virtual cluster is finished deploying and in **Running** state, a kubeconfig file is generated that contains OIDC information inserted into it from the cluster group configuration. + +11. Use the **Kubeconfig** link that displays on the virtual clusters overview page to download the kubeconfig file. This will give you access to the Kubernetes cluster. + + From the **User Menu**, switch to *App Mode*, click on **Virtual Clusters** and select the virtual cluster. In *Cluster Mode* navigate to the **Main Menu**, click on **Cluster Groups**, select the **Virtual Clusters** tab, and select the virtual cluster. + +12. Create the proper Kubernetes *roles* and *roleBindings* required to map the OIDC users with a Kubernetes role. Refer to the [Create Role Bindings](../cluster-management/cluster-rbac.md#create-role-bindings) for additional guidance. + +:::caution + +Configuring OIDC requires you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../cluster-management/cluster-rbac.md#create-role-bindings). Refer to [Use RBAC with OIDC](../../integrations/kubernetes.md#use-rbac-with-oidc) for an example. + +::: + + +## Validate + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + +2. Navigate to your virtual clusters. In *Cluster Mode*, if the cluster group is part of a project, navigate to the left **Main Menu**, click on **Cluster Groups** and select the **Virtual Clusters** tab. Alternatively, you can switch to *App Mode* from the **User Menu** and select **Virtual Clusters**. + +3. 
Select the virtual cluster you deployed to the cluster group that has OIDC configured. + +4. Use the **Kubeconfig** link to download the kubeconfig file, and ensure you can connect to the cluster. Refer to the [Kubectl](../cluster-management/palette-webctl.md) guide for detailed steps. + + +## Resources + +- [Create and Manage Cluster Groups](../../clusters/cluster-groups/create-cluster-group.md) + +- [Deploy a Virtual Cluster](../palette-virtual-clusters/deploy-virtual-cluster.md#deploy-a-virtual-cluster) + +- [Create Role Bindings](../cluster-management/cluster-rbac.md#create-role-bindings) + +- [Use RBAC with OIDC](../../integrations/kubernetes.md#use-rbac-with-oidc) + +- [Kubectl](../cluster-management/palette-webctl.md) \ No newline at end of file diff --git a/docs/docs-content/integrations/kubernetes-edge.md b/docs/docs-content/integrations/kubernetes-edge.md index ca701ae36a..82bc97e37a 100644 --- a/docs/docs-content/integrations/kubernetes-edge.md +++ b/docs/docs-content/integrations/kubernetes-edge.md @@ -16,8 +16,6 @@ The Palette eXtended Kubernetes - Edge (PXK-E) pack supports Kubernetes clusters Review our [Maintenance Policy](maintenance-policy.md) to learn about pack update and deprecation schedules. ::: -
- ## What is PXK-E? PXK-E is a customized version of the open-source Cloud Native Computing Foundation (CNCF) distribution of Kubernetes. This Kubernetes distribution is customized and optimized for edge computing environments and can be deployed through Palette. PXK-E is the Kubernetes distribution Palette defaults to when deploying Edge clusters. @@ -34,8 +32,6 @@ PXK-E allows you to apply different flavors of container storage interfaces (CSI There are no changes to the Kubernetes source code used in PXK-E, and it follows the same versioning schema as the upstream open-source Kubernetes distribution. -
- :::info @@ -73,19 +69,13 @@ You can add cloud-init stages exposed by [Kairos](https://kairos.io/docs/archite You can also use pack settings described in the [Palette eXtended Kubernetes](kubernetes.md) guide. -
- ## Usage The Kubeadm configuration file is where you can do the following: -
- - Manually configure a third-party OIDC IDP. For more information, check out [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). - - - Add a certificate for the Spectro Proxy pack if you want to use a reverse proxy with a Kubernetes cluster. For more information, refer to the [Spectro Proxy](frp.md) guide. @@ -93,8 +83,6 @@ The Kubeadm configuration file is where you can do the following: The PXK-E Kubeadm configuration is updated to dynamically enable OIDC based on your IDP selection by adding the ``identityProvider`` parameter. -
- ```yaml pack: palette: @@ -103,7 +91,6 @@ pack: identityProvider: ``` -
#### Example Kubeadm Configuration File @@ -352,8 +339,6 @@ pack: identityProvider: palette ``` -
- ### Configure OIDC Identity Provider The OIDC IDP feature offers the convenience of managing OIDC at the Kubernetes layer. The OIDC IDP feature is particularly useful for environments that do not have their own IDP configured. In this scenario, you can leverage Palette as an IDP without having to configure a third-party IDP. We also support the ability to take advantage of other OIDC providers by making it possible for you to configure OIDC at the tenant level. For additional flexibility, if you wish to use a different IDP than the one configured at the tenant level, you can select a different IDP by adding the OIDC configuration to your cluster profile. @@ -362,20 +347,15 @@ When you add the PXK-E pack to a cluster profile, Palette displays the OIDC IDP All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). +You can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](kubernetes-edge.md#use-rbac-with-oidc). You can also configure OIDC for virtual clusters. For guidance, refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md). -You can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](kubernetes-edge.md#use-rbac-with-oidc). - -
- **None**: This setting does not require OIDC configuration for the cluster. It displays in the YAML file as `noauth`. - - **Custom**: This is the default setting and does not require OIDC configuration. However, if desired, it allows you to specify a third-party OIDC provider by configuring OIDC statements in the YAML file as described in [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). This setting displays in the YAML file as `none`. - - **Palette**: This setting makes Palette the IDP. Any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to log into the Kubernetes dashboard. This setting displays in the YAML file as `palette`. - - **Inherit from Tenant**: This setting allows you to apply RBAC to multiple clusters and requires you to configure OpenID Connect (OIDC) in **Tenant Settings**. In Tenant Admin scope, navigate to **Tenant Settings** > **SSO**, choose **OIDC**, and provide your third-party IDP details. This setting displays in the YAML file as `tenant`. For more information, check out the [SSO Setup](../user-management/saml-sso/enable-saml.md) guide. :::info @@ -389,8 +369,6 @@ If your IDP uses Security Assertion Markup Language (SAML) authentication, then Follow these steps to configure a third-party OIDC IDP. -
- 1. Add the following OIDC parameters to the `apiServer.extraArgs` section of your Kubernetes YAML file when creating a cluster profile. @@ -459,18 +437,13 @@ You can add cloud-init stages exposed by [Kairos](https://kairos.io/docs/archite You can also use pack settings described in the [Palette eXtended Kubernetes](kubernetes.md) guide. -
- ## Usage The Kubeadm configuration file is where you can do the following: -
- - Manually configure a third-party OIDC IDP. For more information, check out [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). - - Add a certificate for the Spectro Proxy pack if you want to use a reverse proxy with a Kubernetes cluster. For more information, refer to the [Spectro Proxy](frp.md) guide. @@ -478,7 +451,6 @@ The Kubeadm configuration file is where you can do the following: The PXK-E Kubeadm configuration is updated to dynamically enable OIDC based on your IDP selection by adding the ``identityProvider`` parameter. -
```yaml pack: @@ -488,7 +460,6 @@ pack: identityProvider: ``` -
#### Example Kubeadm Configuration File @@ -737,7 +708,6 @@ pack: identityProvider: palette ``` -
### Configure OIDC Identity Provider @@ -747,9 +717,8 @@ When you add the PXK-E pack to a cluster profile, Palette displays the OIDC IDP All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). -You can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](kubernetes-edge.md#use-rbac-with-oidc). +You can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](kubernetes-edge.md#use-rbac-with-oidc). You can also configure OIDC for virtual clusters. For guidance, refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md). -
- **None**: This setting does not require OIDC configuration for the cluster. It displays in the YAML file as `noauth`. @@ -773,7 +742,6 @@ If your IDP uses Security Assertion Markup Language (SAML) authentication, then Follow these steps to configure a third-party OIDC IDP. -
1. Add the following OIDC parameters to the `apiServer.extraArgs` section of your Kubernetes YAML file when creating a cluster profile. @@ -845,17 +813,13 @@ You can add cloud-init stages exposed by [Kairos](https://kairos.io/docs/archite You can also use pack settings described in the [Palette eXtended Kubernetes](kubernetes.md) guide. -
## Usage The Kubeadm configuration file is where you can do the following: -
- - Manually configure a third-party OIDC IDP. For more information, check out [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). - - Add a certificate for the Spectro Proxy pack if you want to use a reverse proxy with a Kubernetes cluster. For more information, refer to the [Spectro Proxy](frp.md) guide. @@ -863,8 +827,6 @@ The Kubeadm configuration file is where you can do the following: The PXK-E Kubeadm configuration is updated to dynamically enable OIDC based on your IDP selection by adding the ``identityProvider`` parameter. -
- ```yaml palette: config: @@ -872,7 +834,6 @@ palette: identityProvider: ``` -
#### Example Kubeadm Configuration File @@ -1122,8 +1083,6 @@ stages: identityProvider: palette ``` -
- ### Configure OIDC Identity Provider The OIDC IDP feature offers the convenience of managing OIDC at the Kubernetes layer. The OIDC IDP feature is particularly useful for environments that do not have their own IDP configured. In this scenario, you can leverage Palette as an IDP without having to configure a third-party IDP. We also support the ability to take advantage of other OIDC providers by making it possible for you to configure OIDC at the tenant level. For additional flexibility, if you wish to use a different IDP than the one configured at the tenant level, you can select a different IDP by adding the OIDC configuration to your cluster profile. @@ -1132,9 +1091,8 @@ When you add the PXK-E pack to a cluster profile, Palette displays the OIDC IDP All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). -You can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](kubernetes-edge.md#use-rbac-with-oidc). +You can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](kubernetes-edge.md#use-rbac-with-oidc). You can also configure OIDC for virtual clusters. For guidance, refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md). -
- **None**: This is the default setting and there is nothing to configure. This setting displays in the YAML file as `noauth`. @@ -1157,8 +1115,6 @@ If your IDP uses Security Assertion Markup Language (SAML) authentication, then Follow these steps to configure a third-party OIDC IDP. -
- 1. Add the following OIDC parameters to the `apiServer.extraArgs` section of your Kubernetes YAML file when creating a cluster profile. @@ -1233,11 +1189,8 @@ You can also use pack settings described in the [Palette eXtended Kubernetes](ku The Kubeadm configuration file is where you can do the following: -
- - Manually configure a third-party OIDC IDP. For more information, check out [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). - - Add a certificate for the Spectro Proxy pack if you want to use a reverse proxy with a Kubernetes cluster. For more information, refer to the [Spectro Proxy](frp.md) guide. @@ -1245,8 +1198,6 @@ The Kubeadm configuration file is where you can do the following: The PXK-E Kubeadm configuration is updated to dynamically enable OIDC based on your IDP selection by adding the ``identityProvider`` parameter. -
- ```yaml palette: config: @@ -1254,7 +1205,6 @@ palette: identityProvider: ``` -
#### Example Kubeadm Configuration File @@ -1498,7 +1448,7 @@ stages: omitStages: - "RequestReceived" ``` -
+ ### Configure OIDC Identity Provider @@ -1508,19 +1458,15 @@ When you add the PXK-E pack to a cluster profile, Palette displays the OIDC IDP All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). -You can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](kubernetes-edge.md#use-rbac-with-oidc). +You can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](kubernetes-edge.md#use-rbac-with-oidc). You can also configure OIDC for virtual clusters. For guidance, refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md). -
- **None**: This is the default setting and there is nothing to configure. This setting displays in the YAML file as `noauth`. - - **Custom**: This setting allows you to specify a third-party OIDC provider by configuring OIDC statements in the Kubeadm configuration file as described in [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). This setting displays in the YAML file as `none`. - - **Palette**: This setting makes Palette the IDP. Any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to log into the Kubernetes dashboard. This setting displays in the YAML file as `palette`. - - **Inherit from Tenant**: This setting allows you to apply RBAC to multiple clusters and requires you to configure OpenID Connect (OIDC) in **Tenant Settings**. In Tenant Admin scope, navigate to **Tenant Settings** > **SSO**, choose **OIDC**, and provide your third-party IDP details. This setting displays in the YAML file as `tenant`. For more information, check out the [SSO Setup](../user-management/saml-sso/enable-saml.md) guide. :::info @@ -1534,8 +1480,6 @@ If your IDP uses Security Assertion Markup Language (SAML) authentication, then Follow these steps to configure a third-party OIDC IDP. -
- 1. Add the following OIDC parameters to the `apiServer.extraArgs` section of your Kubernetes YAML file when creating a cluster profile. @@ -1570,7 +1514,6 @@ kubeadmconfig: You can create a role binding that uses individual users as the subject or specify a group name as the subject to map many users to a role. The group name is the group assigned in the OIDC provider's configuration. Below is an example. To learn more, review [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). - Assume you created a group named `dev-east-2` within an OIDC provider. If you configure the host cluster's Kubernetes pack with all the correct OIDC settings, you could then create a role binding for the `dev-east-2` group. In this example, Palette is used as the IDP, and all users in the `dev-east-2` would inherit the `cluster-admin` role. diff --git a/docs/docs-content/integrations/kubernetes.md b/docs/docs-content/integrations/kubernetes.md index 01606b1b29..ca022fbec8 100644 --- a/docs/docs-content/integrations/kubernetes.md +++ b/docs/docs-content/integrations/kubernetes.md @@ -117,7 +117,6 @@ palette: identityProvider: ``` -
### Example Kubeadm Configuration File @@ -230,7 +229,6 @@ kubeadmconfig: #oidc-extra-scope: profile,email ``` -
### Configure OIDC Identity Provider @@ -238,7 +236,7 @@ Platforms that use PXK can use the OIDC IDP feature, which offers the convenienc When you add the PXK pack to a cluster profile, Palette displays the OIDC IDP options listed below. -All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](/clusters/cluster-management/cluster-rbac#create-role-bindings). +All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](/clusters/cluster-management/cluster-rbac#create-role-bindings). You can also configure OIDC for virtual clusters. For guidance, refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md). - **None**: This setting does not require OIDC configuration for the cluster. It displays in the YAML file as `noauth`. @@ -248,7 +246,6 @@ All the options require you to map a set of users or groups to a Kubernetes RBAC ::: -
- **Custom**: This is the default setting and does not require OIDC configuration. However, if desired, it allows you to specify a third-party OIDC provider by configuring OIDC statements in the YAML file as described in [Configure Custom OIDC](#configurecustomoidc). This setting displays in the YAML file as `none`. @@ -262,7 +259,6 @@ All the options require you to map a set of users or groups to a Kubernetes RBAC ::: -
### Configure Custom OIDC @@ -336,7 +332,6 @@ clientConfig: -
### Use RBAC with OIDC @@ -545,7 +540,6 @@ kubeadmconfig: #oidc-extra-scope: profile,email ``` -
### Configure OIDC Identity Provider @@ -553,7 +547,7 @@ Platforms that use PXK can use the OIDC IDP feature, which offers the convenienc When you add the PXK pack to a cluster profile, Palette displays the OIDC IDP options listed below. -All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). +All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). You can also configure OIDC for virtual clusters. For guidance, refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md). @@ -565,7 +559,6 @@ All the options require you to map a set of users or groups to a Kubernetes RBAC ::: -
- **Custom**: This is the default setting and does not require OIDC configuration. However, if desired, it allows you to specify a third-party OIDC provider by configuring OIDC statements in the YAML file as described in [Configure Custom OIDC](#configurecustomoidc). This setting displays in the YAML file as `none`. @@ -579,7 +572,6 @@ All the options require you to map a set of users or groups to a Kubernetes RBAC ::: -
### Configure Custom OIDC @@ -653,7 +645,6 @@ Follow these steps to configure OIDC for managed EKS clusters. -
### Use RBAC with OIDC @@ -738,13 +729,11 @@ You can only specify the service domain at cluster creation. After cluster creat For more information about networking configuration with DNS domains, refer to the Kubernetes [Networking](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/#kubeadm-k8s-io-v1beta3-Networking) API documentation. -
### Configuration Changes The PXK Kubeadm configuration is updated to dynamically enable OIDC based on your IDP selection by adding the ``identityProvider`` parameter. -
```yaml hideClipboard palette: @@ -753,7 +742,6 @@ palette: identityProvider: ``` -
### Example Kubeadm Configuration File @@ -864,7 +852,6 @@ kubeadmconfig: #oidc-extra-scope: profile,email ``` -
### Configure OIDC Identity Provider @@ -872,7 +859,7 @@ Platforms that use PXK can use the OIDC IDP feature, which offers the convenienc When you add the PXK pack to a cluster profile, Palette displays the OIDC IDP options listed below. -All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). +All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). You can also configure OIDC for virtual clusters. For guidance, refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md). - **None**: This is the default setting and there is nothing to configure. This setting displays in the YAML file as `noauth`. @@ -883,7 +870,6 @@ All the options require you to map a set of users or groups to a Kubernetes RBAC ::: -
- **Custom**: This setting allows you to specify a third-party OIDC provider by configuring OIDC statements in the Kubeadm configuration file as described in [Configure Custom OIDC](#configurecustomoidc). This setting displays in the YAML file as `none`. @@ -897,7 +883,6 @@ All the options require you to map a set of users or groups to a Kubernetes RBAC ::: -
### Configure Custom OIDC @@ -942,8 +927,6 @@ Follow these steps to configure a third-party OIDC IDP. You can apply these step Follow these steps to configure OIDC for managed EKS clusters. -
- 1. In the Kubernetes pack, uncomment the lines in the `oidcIdentityProvider` parameter section of the Kubernetes pack, and enter your third-party provider details. ```yaml @@ -972,8 +955,6 @@ clientConfig: -
- ### Use RBAC with OIDC You can create a role binding that uses individual users as the subject or specify a group name as the subject to map many users to a role. The group name is the group assigned in the OIDC provider's configuration. Below is an example. To learn more, review [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). @@ -1055,7 +1036,6 @@ You can only specify the service domain at cluster creation. After cluster creat For more information about networking configuration with DNS domains, refer to the Kubernetes [Networking](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/#kubeadm-k8s-io-v1beta3-Networking) API documentation. -
### Configuration Changes @@ -1068,7 +1048,6 @@ palette: identityProvider: ``` -
### Example Kubeadm Configuration File @@ -1149,7 +1128,6 @@ kubeadmconfig: #oidc-client-secret: yourSecretClientSecretGoesHere #oidc-extra-scope: profile,email ``` -
### Configure OIDC Identity Provider @@ -1157,7 +1135,7 @@ Platforms that use PXK can use the OIDC IDP feature, which offers the convenienc When you add the PXK pack to a cluster profile, Palette displays the OIDC IDP options listed below. -All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). +All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). You can also configure OIDC for virtual clusters. For guidance, refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md). - **None**: This is the default setting and there is nothing to configure. This setting displays in the YAML file as `noauth`. @@ -1167,8 +1145,6 @@ All the options require you to map a set of users or groups to a Kubernetes RBAC ::: -
- - **Custom**: This setting allows you to specify a third-party OIDC provider by configuring OIDC statements in the Kubeadm configuration file as described in [Configure Custom OIDC](#configurecustomoidc). This setting displays in the YAML file as `none`. - **Palette**: This setting makes Palette the IDP. Any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to log into the Kubernetes dashboard. This setting displays in the YAML file as `palette`. @@ -1181,7 +1157,6 @@ All the options require you to map a set of users or groups to a Kubernetes RBAC ::: -
### Configure Custom OIDC @@ -1226,8 +1201,6 @@ Follow these steps to configure a third-party OIDC IDP. You can apply these step Follow these steps to configure OIDC for managed EKS clusters. -
- 1. In the Kubernetes pack, uncomment the lines in the `oidcIdentityProvider` parameter section of the Kubernetes pack, and enter your third-party provider details. ```yaml @@ -1256,8 +1229,6 @@ Follow these steps to configure OIDC for managed EKS clusters. -
- ### Use RBAC with OIDC You can create a role binding that uses individual users as the subject or specify a group name as the subject to map many users to a role. The group name is the group assigned in the OIDC provider's configuration. Below is an example. To learn more, review [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). diff --git a/static/assets/docs/images/clusters_palette-virtual-clusters_configure-vcluster-oidc.png b/static/assets/docs/images/clusters_palette-virtual-clusters_configure-vcluster-oidc.png new file mode 100644 index 0000000000..4125447933 Binary files /dev/null and b/static/assets/docs/images/clusters_palette-virtual-clusters_configure-vcluster-oidc.png differ
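Review bot: In the new `configure-oidc-virtual-cluster.md`, the first line of the step 7 `vcluster.extraArgs` example opens with a typographic quote (`- --kube-apiserver-arg=”oidc-issuer-url="`) and closes with a straight one, so the value a reader copies from the page is not the `oidc-issuer-url` flag the text describes; change it to `- --kube-apiserver-arg="oidc-issuer-url="` to match the three lines below it. In the same region, the step 8 example writes the secret as the literal `secret-value` while the issuer URL and client ID are left empty; use a placeholder that is obviously one, in the style of the `yourSecretClientSecretGoesHere` placeholder the `kubernetes.md` `clientConfig` block already uses, and state that the value is stored in plaintext in the cluster group YAML so readers know where it ends up.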
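Review bot: The Prerequisites list of the new `configure-oidc-virtual-cluster.md` states that `cluster.delete` is the minimum permission for accessing the generated kubeconfig, and that `clusterGroup.update` is needed "if you are deploying virtual clusters"; please confirm the first against the linked Kubeconfig files page, since a delete permission as the floor for a read operation is something readers will question, and reword the second, because steps 4 to 8 edit the cluster group settings, which is where `clusterGroup.update` is actually exercised, whereas deploying the virtual cluster itself is covered by the separate Deploy a Virtual Cluster guide.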
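Review bot: `kubelogin` is listed as a prerequisite of the new page but no step in Configure OIDC or Validate uses it, and the Validate section only checks that the kubeconfig downloads and connects, which also succeeds for a cluster group without OIDC. Add a validation step that exercises the OIDC path: open the downloaded kubeconfig and confirm it contains the issuer URL and client ID entered in step 7, then run a `kubectl` command and confirm that `kubectl oidc-login` is invoked and the identity provider login prompt appears. Also consider moving the navigation paragraph in step 11 ("From the **User Menu**, switch to *App Mode* ...") ahead of the download instruction, since the reader has to reach the virtual cluster page before the **Kubeconfig** link is visible.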
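Review bot: In the `@@ -238,7 +236,7 @@` hunk of `kubernetes.md`, the rewritten "All the options require you to map ..." line keeps the absolute, extension-less link `/clusters/cluster-management/cluster-rbac#create-role-bindings` while the sentence appended to it, and the same line in every other version section of the file, use the relative `../clusters/cluster-management/cluster-rbac.md#create-role-bindings` form; since the line is being edited anyway, normalize it to the relative `.md` form for consistency.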
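Review bot: Most of the `kubernetes-edge.md` and `kubernetes.md` hunks (for example `@@ -16,8 +16,6 @@`, `@@ -34,8 +32,6 @@`, `@@ -73,19 +69,13 @@` and the many single-line removals that follow) only delete blank lines and are unrelated to the OIDC content change this PR makes; consider splitting the blank-line cleanup into its own commit so the content edits, which are the lines worth reviewing, are not buried among whitespace-only hunks.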
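Review bot: The screenshot is added at `static/assets/docs/images/clusters_palette-virtual-clusters_configure-vcluster-oidc.png` but step 6 of the new page references it as `/clusters_palette-virtual-clusters_configure-vcluster-oidc.png`; confirm that the site serves `static/assets/docs/images/` at the root path, as other pages' image references would show, otherwise the image will not render.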