Update to include limitations and integrations (#1047)

Author: abhi-g

content/docs/other-guides/multi-user-overview.md

@@ -196,6 +196,28 @@ with another user in the system.
 
 -->
 
+## Current Integration and Limitations
+
+The Jupyter notebooks service is the first application to be fully integrated with
+multi-user isolation. Access to the notebooks and the creation of notebooks is 
+controlled by the profile access policies set by the Administrator or the owners
+of the profiles. Resources created by the notebooks (eg. Training jobs and
+deployments) will also inherit the same access.
+
+Metadata and Pipelines or any other applications currently don't have full
+fledged integration with isolation, though they will have access to the user
+identity through the headers of the incoming requests. It's upto the individual
+applications to leverage the available identity and create isolation stories
+that make sense for them.
+
+On GCP, the authentication and identify token is generated by GCP IAM and carried
+through the requests as a JWT Token in header. Other cloud providers can have a
+similar header to provide identity information.
+
+For on-premise deployments, Kubeflow leverages Dex as a federated OpenID connection
+provider and can be integrated with LDAP or Active Directory to provide authentication
+and identity services.
+