rewrite SSO

Author: mletalie

modules/rosa-configure.adoc

@@ -12,19 +12,19 @@ Use the following commands to configure the {product-title} (ROSA) CLI, `rosa`.
 == login
 There are several methods you can use to log into your Red{nbsp}Hat account using the {product-title} (ROSA) CLI (`rosa`). These methods are described in detail below.
 
-[IMPORTANT]
-====
-An offline authentication token is long-lived, stored on your operating system, and cannot be revoked. These factors increase overall security risks and the likelihood of unauthorized access to your account. Alternatively, the Red{nbsp}Hat secure browser-based single sign-on (SSO) method automatically sends your CLI instance a refresh token that is valid for 10 hours. Because this authorization code is unique and temporary, it is more secure and is the Red{nbsp}Hat recommended method of authentication.
-====
-
-// Furthermore, offline authentication tokens are usually stored on your device by your operating system, which means other apps on your machine can access a token if the token is not properly secured. These offline tokens are long-lived and cannot be revoked. Users must copy and paste them manually which creates a security risk. Because of these factors, Red{nbsp}Hat recommends using the single sign-on method when logging into your account with the ROSA CLI (`rosa`). This method is more secure than logging in with an offline token.
+// [IMPORTANT]
+// ====
+// An offline authentication token is long-lived, stored on your operating system, and cannot be revoked. These factors increase overall security risks and the likelihood of unauthorized access to your account. Alternatively, the Red{nbsp}Hat secure browser-based single sign-on (SSO) method automatically sends your CLI instance a refresh token that is valid for 10 hours. Because this authorization code is unique and temporary, it is more secure and is the Red{nbsp}Hat recommended method of authentication.
 // ====
-
 
 [id="rosa-login-sso_{context}"]
-=== login with single sign-on (SSO) authorization code
+=== Authenticating the {product-title} (ROSA) CLI with Red Hat Single Sign-On
+
+If your system supports a web-based browser, you can log in to the ROSA CLI (`rosa`) with a Red{nbsp}Hat single sign-on (SSO) authorization code. Red{nbsp}Hat recommends using the `rosa` command line tool with Red{nbsp}Hat single Sign-On, instead of using an offline authentication token.
+
+An offline authentication token is long-lived, stored on your operating system, and cannot be revoked. These factors increase overall security risks and the likelihood of unauthorized access to your account. Alternatively, authenticating with the Red{nbsp}Hat single sign-on (SSO) method automatically sends your CLI instance a refresh token that is valid for 10 hours. Because this authorization code is unique and temporary, it is more secure and less likely to be used for unauthorized access to your account.
+
 
-If your system supports a web-based browser, you can log in to the ROSA CLI (`rosa`) with a Red{nbsp}Hat single sign-on (SSO) authorization code.
 
 [NOTE]
 ====