SaaS app UI instructions

Author: ranbel

src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/linked-apps.mdx

@@ -8,7 +8,7 @@ sidebar:
 
 import { Render, GlossaryTooltip } from "~/components"
 
-Cloudflare Access can delegate access from any [self-hosted application](/cloudflare-one/applications/configure-apps/self-hosted-public-app/) to an [Access for SaaS MCP server](/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp/) via <GlossaryTooltip term="OAuth">OAuth</GlossaryTooltip>. The OAuth grant authorizes the MCP server to make requests to your self-hosted applications on behalf of the user, using the user's specific permissions and scopes.
+Cloudflare Access can delegate access from any [self-hosted application](/cloudflare-one/applications/configure-apps/self-hosted-public-app/) to an [Access for SaaS MCP server](/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp/) via [OAuth](https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization). The OAuth grant authorizes the MCP server to make requests to your self-hosted applications on behalf of the user, using the user's specific permissions and scopes.
 
 For example, your organization may wish to deploy an MCP server that helps employees interact with internal Atlassian applications. You can configure [Access policies](/cloudflare-one/policies/access/#selectors) to ensure that only authorized users can access those applications, either directly or by using an <GlossaryTooltip term="MCP client">MCP client</GlossaryTooltip>.
 

src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp.mdx

@@ -18,22 +18,25 @@ You can secure <GlossaryTooltip term="MCP server">Model Context Protocol (MCP) s
 
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
 2. Select **SaaS**.
-3. For **Application**, select *Salesforce*.
-4. For the authentication protocol, select **OIDC**.
+3. In **Application**, enter a custom name (for example, `MCP server`) and select the textbox that appears below.
+4. Select **OIDC** as the authentication protocol.
 5. Select **Add application**.
-6. In **Scopes**, select the attributes that you want Access to send in the ID token.
-7. In **Redirect URLs**, enter the callback URL obtained from Salesforce (`https://<your-domain>.my.salesforce.com/services/authcallback/<URL Suffix>`). Refer to [Add a SSO provider to Salesforce](#2-add-a-sso-provider-to-salesforce) for instructions on obtaining this value.
-8. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/) if the protocol is supported by your IdP. PKCE will be performed on all login attempts.
-9. Copy the following values:
-   * **Client ID**
-   * **Client Secret**
-   * **Authorization endpoint**
-   * **Token endpoint**
-   * **User info endpoint**
-10. Configure [Access policies](/cloudflare-one/policies/access/) for the application.
-11. (Optional) In **Experience settings**, configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering `https://<your-domain>.my.salesforce.com`.
-12. Save the application.
+6. In **Redirect URLs**, enter the authorization callback URL for your MCP server (for example, `https://<SERVER-NAME>.<SUBDOMAIN>.workers.dev/callback`). Refer to your MCP server documentation for instructions on obtaining this value.
+7. Copy the following values to input into your MCP server's OAuth configuration. Different MCP servers may require different sets of input values.
+   - **Client secret**
+	 - **Client ID**
+	 - **Configuration endpoint**
+	 - **Issuer**
+   - **Token endpoint**
+   - **Authorization endpoint**
+	 - **Key endpoint**
+   - **Userinfo endpoint**
+8. (Optional) Under **Advanced settings**, turn on [**Refresh tokens**](/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas/#advanced-settings) to reduce the number of times a user needs to log in to the identity provider.
+9. Configure [Access policies](/cloudflare-one/policies/access/) to define the users can access the MCP server.
+10. Save the application.
 
 ## 2. Configure your MCP server
 
+
+
 ## Deploy an example MCP server