Expand Ask Fern authentication and RBAC documentation

fern/products/ask-fern/pages/features/rbac.mdx

@@ -5,4 +5,26 @@ description: Ask Fern respects your documentation's role-based access control se
 
 Ask Fern automatically respects the [role-based access control (RBAC) settings configured in your documentation](/docs/authentication/rbac). When users query Ask Fern, they only receive answers from documentation they have permission to access based on their assigned roles.
 
-This works at all levels, from entire sections down to individual pages and conditional content within pages. 
+This works at all levels, from entire sections down to individual pages and conditional content within pages.
+
+## How authentication works
+
+Ask Fern uses the same authentication system as your documentation site. When a user is authenticated, Ask Fern verifies their identity and roles before retrieving content:
+
+1. The user's `FERN_TOKEN` is sent with each Ask Fern request
+2. Ask Fern verifies the token against your documentation's authentication endpoint
+3. If authenticated, Ask Fern retrieves the user's assigned roles
+4. Content is filtered to only include documents the user has permission to access
+
+If authentication fails or no token is provided, Ask Fern continues with unauthenticated access, returning only public documentation.
+
+## Role-based content filtering
+
+Ask Fern applies role-based filtering at the search level, ensuring users only see content they're authorized to access:
+
+- **Public content**: Available to all users, including unauthenticated users
+- **Role-restricted content**: Only returned for users with matching roles
+- **Multi-role requirements**: Content requiring multiple roles (e.g., "admin&developer") is only shown to users with all required roles
+- **Version and product filtering**: Content is also filtered by the user's current documentation version and product context
+
+This filtering happens automatically during the AI search process, so responses never include unauthorized content.