Commit 9d3dfa5

Browse files
committed
Add IdP flexibility and customizable naming notes to scopes documentation
- Add note that FGAC concepts apply to any IdP, not just Cognito
- Clarify that group names and scope names are fully customizable by platform admins
- Emphasize consistency requirement between IdP and scopes.yml configuration
1 parent 718361a commit 9d3dfa5

File tree

1 file changed

+4
-0
lines changed
docs/scopes.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,7 @@
11
# Fine-Grained Access Control System Documentation
22

3+
> **Note**: While this document discusses Fine-Grained Access Control (FGAC) in the context of Amazon Cognito, the concepts and implementation apply to any Identity Provider (IdP). The same scope-based authorization model can be used with other OAuth2/OIDC providers by adapting the group mapping and token validation mechanisms.
4+
35
This document provides comprehensive documentation for the fine-grained access control system in the MCP Gateway Registry, explaining how the scope-based authorization model works and how to configure it properly.
46

57
## Table of Contents
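Review bot: the first sentence of the added note ("the concepts and implementation apply to any Identity Provider") overstates what the second sentence concedes, since it says the group mapping and token validation mechanisms must be adapted per provider. Suggest splitting the claim: the scope-based model is provider-independent, but the implementation needs provider-specific configuration, namely which token claim carries the group membership and how tokens are validated (issuer, audience, signing keys) for that provider. Naming those two adaptation points here would tell a reader on a non-Cognito IdP exactly what they have to change instead of leaving "adapting the ... mechanisms" open.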
@@ -108,6 +110,8 @@ group_mappings:
108110
- mcp-servers-restricted/read # Limited server access
109111
```
110112

113+
> **Important**: All group names (such as `mcp-registry-admin`, `mcp-registry-user`) and scope names (such as `mcp-servers-unrestricted/read`, `mcp-servers-restricted/execute`) are completely customizable by the platform administrator deploying this solution. These names are examples and can be changed to match your organization's naming conventions and security requirements. The same group names must be configured consistently in both your Identity Provider (IdP) and the `scopes.yml` configuration file.
114+
111115
## Methods vs Tools Access Control
112116

113117
One of the key features of the access control system is its ability to differentiate between MCP protocol methods and specific tools, providing granular control over what operations users can perform.
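Review bot: the added "Important" note says group names must be configured consistently between the IdP and `scopes.yml`, but it does not say what "consistently" means operationally or what happens when they drift. Suggest stating whether the match is exact (case-sensitive, no whitespace trimming), and documenting the behaviour when a token carries a group with no entry under `group_mappings` or when a mapping references a scope name such as `mcp-servers-restricted/read` that is not defined elsewhere in the file, i.e. whether the user ends up with no access or the misconfiguration is reported at load time. A one-line reminder that renaming a group means editing both the IdP and `group_mappings` in the same change would also make the customization claim safer to act on.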

0 commit comments