Add information on CCG app

content/guides/authentication/client-credentials/index.md

@@ -46,12 +46,23 @@ If you would like to authenticate as the application's [Service Account][sa]:
 - set `box_subject_type` to `enterprise`
 - set `box_subject_id` to the enterprise ID
 
-If you would like to authenticate as a Managed User:
+<Samples id='x_auth' variant='with_client_credentials' ></Samples>
+
+If you would like to authenticate as an admin or a managed user:
 
 - set `box_subject_type` to `user`
 - set `box_subject_id` to the user ID
+- enable **App + Enterprise Access** and **Generate User Access Tokens** Box [Developer Console][devconsole]
 
-<Samples id='x_auth' variant='with_client_credentials' ></Samples>
+<Samples id='x_auth' variant='with_ccg_admin_managed_user' ></Samples>
+
+If you would like to authenticate as any application user:
+
+- set `box_subject_type` to `user`
+- set `box_subject_id` to the user ID
+- enable **Generate User Access Tokens** in the Box [Developer Console][devconsole]
+
+<Samples id='x_auth' variant='with_ccg_app_user' ></Samples>
 
 ## Common Errors
 
@@ -69,7 +80,13 @@ This error indicates either:
 
 - the client ID and client secret passed are incorrect or are not for the same application,
 
-- the `box_subject_id` cannot be used based on the selected [application access][aa]. For example, if you send in a `box_subject_type` of `enterprise` and your application is configured for App Access Only, the `grant credentials are invalid` error will be returned,
+- the `box_subject_id` cannot be used based on the selected [application access][aa]. 
+
+<Message warning>
+
+A CCG app with App Access Only can send in the `box_subject_type` of `enterprise` to authenticate as its service account, but it can't authenticate as a managed user or an admin.
+
+</Message>
 
 - to use a `box_subject_type` of `user`, your application should be configured to generate user access tokens in the **Advanced Features** section of the **Configuration tab**.