From efe420b737d0800c879f2696cfac62f924d1cc34 Mon Sep 17 00:00:00 2001
From: Andrew Keesler <akeesler@vmware.com>
Date: Fri, 25 Sep 2020 12:56:45 -0700
Subject: [PATCH] Add mention of how to work around MacOS download security in
 demo.md

Signed-off-by: Ryan Richard <richardry@vmware.com>
---
 doc/demo.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/demo.md b/doc/demo.md
index 7d4d412b..49eaf5fa 100644
--- a/doc/demo.md
+++ b/doc/demo.md
@@ -131,6 +131,13 @@ for a more specific example of installing onto a local kind cluster, including t
    pinniped get-kubeconfig --token "pinny-the-seal:password123" --idp-type webhook --idp-name local-user-authenticator > /tmp/pinniped-kubeconfig
    ```
 
+   If you are using MacOS, you may get an error dialog that says
+   `“pinniped” cannot be opened because the developer cannot be verified`. Cancel this dialog, open System Preferences,
+   click on Security & Privacy, and click the Allow Anyway button next to the Pinniped message.
+   Run the above command again and another dialog will appear saying
+   `macOS cannot verify the developer of “pinniped”. Are you sure you want to open it?`.
+   Click Open to allow the command to proceed.
+
    Note that the above command will print a warning to the screen. You can ignore this warning.
    Pinniped tries to auto-discover the URL for the Kubernetes API server, but it is not able
    to do so on kind clusters. The warning is just letting you know that the Pinniped CLI decided