diff --git a/website/docs/integrations/services/rancher/index.md b/website/docs/integrations/services/rancher/index.md index 526740b69..03ab3796c 100644 --- a/website/docs/integrations/services/rancher/index.md +++ b/website/docs/integrations/services/rancher/index.md 
@@ -15,17 +15,39 @@ Rancher is a platform built to address the needs of the DevOps teams deploying a The following placeholders will be used: -- `rancher.company` is the FQDN of the Rancher install. -- `authentik.company` is the FQDN of the authentik install. +- `rancher.company` is the FQDN of the Rancher install. +- `authentik.company` is the FQDN of the authentik install. -Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters: +Under *Property Mappings*, create a *SAML Property Mapping*. Give it a name like "SAML Rancher User ID". Set the SAML name to `rancherUidUsername` and the expression to the following -- ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs` -- Audience: `https://rancher.company/v1-saml/adfs/saml/metadata` -- Issuer: `authentik` +```python +return f"{user.pk}-{user.username}" +``` + +Create an application in authentik. Create a SAML provider with the following parameters: + +- ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs` +- Audience: `https://rancher.company/v1-saml/adfs/saml/metadata` +- Issuer: `authentik` +- Property mappings: Select all default mappings and the mapping you've created above. You can of course use a custom signing certificate, and adjust durations. ## Rancher +In Rancher, navigate to *Global* -> *Security* -> *Authentication*, and select ADFS. + +Fill in the fields + +- Display Name Field: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` +- User Name Field: `http://schemas.goauthentik.io/2021/02/saml/username` +- UID Field: `rancherUidUsername` +- Groups Field: `http://schemas.xmlsoap.org/claims/Group` + +For the private key and certificate, you can either generate a new pair (in authentik, navigate to *Identity & Cryptography* -> *Certificates* and select Generate), or use an existing pair. + +Copy the metadata from authentik, and paste it in the metadata field. + +Click on save to test the authentication. 
+ ![](./rancher.png) diff --git a/website/docs/integrations/services/rancher/rancher.png b/website/docs/integrations/services/rancher/rancher.png index 2e245f147..070142f01 100644 Binary files a/website/docs/integrations/services/rancher/rancher.png and b/website/docs/integrations/services/rancher/rancher.png differ diff --git a/website/docs/releases/2021.2.md b/website/docs/releases/2021.2.md index 449800f5d..3a599801e 100644 --- a/website/docs/releases/2021.2.md +++ b/website/docs/releases/2021.2.md @@ -44,10 +44,11 @@ Due to the switch to managed objects, some default property mappings are changin The change affects the "SAML Name" property, which has been changed from an oid to a Schema URI to aid readability. The integrations affected are: -- [NextCloud](/docs/integrations/services/nextcloud/index) -- [Sentry](/docs/integrations/services/sentry/index) -- [GitLab](/docs/integrations/services/gitlab/index) - [Ansible Tower/AWX](/docs/integrations/services/awx-tower/index) +- [GitLab](/docs/integrations/services/gitlab/index) +- [NextCloud](/docs/integrations/services/nextcloud/index) +- [Rancher](/docs/integrations/services/rancher/index) +- [Sentry](/docs/integrations/services/sentry/index) ### docker-compose
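Review bot: in the rancher/index.md hunk, the `rancherUidUsername` mapping (`return f"{user.pk}-{user.username}"`) that the Rancher section wires to the UID Field embeds a mutable attribute in what Rancher treats as the stable principal identifier, so a username rename in authentik changes the UID, Rancher sees a new principal, and the user's existing role bindings no longer apply. Either document that consequence, or derive the UID from `user.pk` alone and leave the username to the separate User Name Field (`http://schemas.goauthentik.io/2021/02/saml/username`), which the doc already sets. The "or use an existing pair" option for the private key and certificate also needs a caveat: that pair is pasted into Rancher as Rancher's own key, so it should not be the certificate selected as the SAML provider's signing certificate in authentik, otherwise the assertion-signing private key ends up held by a second system.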
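Review bot: in the releases/2021.2.md hunk, the alphabetical reorder of the affected-integrations list is mixed with the one substantive change, adding the Rancher entry, so the diff records four removals and five additions for what is a one-line addition; keep the reorder in a separate change, or just append `- [Rancher](/docs/integrations/services/rancher/index)` so the release-note history shows only the new affected integration. The Rancher page it links to now documents the Schema-URI attribute names (for example `http://schemas.goauthentik.io/2021/02/saml/username` for the User Name Field), which is what qualifies it for this list.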