final edit

Author: deadlypants1973

src/content/docs/cloudflare-one/applications/configure-apps/dash-sso-apps.mdx

@@ -59,8 +59,8 @@ Cloudflare dashboard SSO does not support:
 
 - Users with plus-addressed emails, such as `[email protected]`. If you have users like this added to your Cloudflare organization, they will be unable to login with SSO.
 - IdP initiated logins (such as a tile in Okta). All login attempts must originate from `https://dash.cloudflare.com`. You can create a bookmark for this URL in your IdP to assist users.
-- Adding a separate email-based policy to the SSO application that does not match your SSO domain policy.
-- Deleting the auto-generated `allow email domain` policy. Deleting this policy would make the Cloudflare dashboard inaccessible for your organization.
+- Adding a separate email-based policy to the SSO application that does not match your SSO domain policy. As your account team must [approve and create your SSO domain](/cloudflare-one/applications/configure-apps/dash-sso-apps/#2-contact-your-account-team) based on the [SSO domain requirements](/cloudflare-one/applications/configure-apps/dash-sso-apps/#sso-domain-requirements), adding a new policy domain policy on your own will not work.
+- Deleting the auto-generated `allow email domain` policy. If this policy was deleted, your organization's administrators would not be able to access the Cloudflare dashboard.
 
 ## Bypass dashboard SSO