add generic instructions

ranbel · ranbel · commit b5b5d8b621b5 · 2024-11-14T19:07:26.000-05:00
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx
@@ -5,6 +5,8 @@ sidebar:
   order: 1
 ---
 
+import { Render } from "~/components";
+
 Cloudflare Access has a generic OpenID Connect (OIDC) connector to help you integrate IdPs not already set in Access.
 
 ## Set up a generic OIDC
@@ -39,12 +41,38 @@ Cloudflare Access has a generic OpenID Connect (OIDC) connector to help you inte
 
 8. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/) if the protocol is supported by your IdP. PKCE will be performed on all login attempts.
 
-9. (Optional) Under **Optional configurations**, enter [custom OIDC claims](#oidc-claims) that you wish to add to users' identity. This information will be available in the [user identity endpoint](/cloudflare-one/identity/authorization-cookie/application-token/#user-identity).
+9. (Optional) To enable SCIM, refer to [Synchronize users and groups](#synchronize-users-and-groups).
+
+10. (Optional) Under **Optional configurations**, enter [custom OIDC claims](#oidc-claims) that you wish to add to users' identity. This information will be available in the [user identity endpoint](/cloudflare-one/identity/authorization-cookie/application-token/#user-identity).
 
-10. Select **Save**.
+11. Select **Save**.
 
 To test that your connection is working, go to **Authentication** > **Login methods** and select **Test** next to the login method you want to test. On success, a confirmation screen displays.
 
+## Synchronize users and groups
+
+The generic OIDC integration allows you to synchronize user groups and automatically deprovision users using [SCIM](/cloudflare-one/identity/users/scim/).
+
+### Prerequisites
+
+Your identity provider must support SCIM version 2.0.
+
+### 1. Enable SCIM in Zero Trust
+
+<Render
+	file="access/enable-scim-on-dashboard"
+	params={{ idp: "IdP"}}
+/>
+
+### 2. Configure SCIM in the IdP
+
+Setup instructions vary depending on the identity provider. In your identity provider, you will either need to edit the original [SSO application](#1-create-an-application-in-your-identity-provider) or create a new SCIM application. Refer to your identity provider's documentation for more details. For example instructions, refer to our [Okta](/cloudflare-one/identity/idp-integration/okta/#synchronize-users-and-groups) or [Jumpcloud](/cloudflare-one/identity/idp-integration/jumpcloud-saml/#synchronize-users-and-groups) guides.
+
+### 3. Verify SCIM provisioning
+
+<Render file="access/verify-scim-provisioning"/>
+
+
 ## Optional configurations
 
 ### OIDC claims
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx
@@ -5,6 +5,8 @@ sidebar:
   order: 2
 ---
 
+import { Render } from "~/components";
+
 Cloudflare Zero Trust integrates with any identity provider that supports SAML 2.0. If your identity provider is not listed in the integration list of login methods in Zero Trust, it can be configured using SAML 2.0 (or OpenID if OIDC based). Generic SAML can also be used if you would like to pass additional SAML headers or claims for an IdP in the integration list.
 
 ## Prerequisites
@@ -45,13 +47,37 @@ To download the SAML metadata file, copy-paste the metadata endpoint into a web
 2. Select **Add new** and select **SAML**.
 3. Choose a descriptive name for your identity provider.
 4. Enter the **Single Sign on URL**, **IdP Entity ID or Issuer URL**, and **Signing certificate** obtained from your identity provider.
-5. (Optional) Enter [optional configurations](#optional-configurations).
-6. Select **Save**.
+5. (Optional) To enable SCIM, refer to [Synchronize users and groups](#synchronize-users-and-groups).
+6. (Optional) Under **Optional configurations**, configure [additional SAML options](#optional-configurations).
+7. Select **Save**.
 
 ## 3. Test the connection
 
 You can now [test the IdP integration](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust). A success response should return the configured SAML attributes.
 
+## Synchronize users and groups
+
+The generic SAML integration allows you to synchronize user groups and automatically deprovision users using [SCIM](/cloudflare-one/identity/users/scim/).
+
+### Prerequisites
+
+Your identity provider must support SCIM version 2.0.
+
+### 1. Enable SCIM in Zero Trust
+
+<Render
+	file="access/enable-scim-on-dashboard"
+	params={{ idp: "IdP"}}
+/>
+
+### 2. Configure SCIM in the IdP
+
+Setup instructions vary depending on the identity provider. In your identity provider, you will either need to edit the original [SSO application](#1-create-an-application-in-your-identity-provider) or create a new SCIM application. Refer to your identity provider's documentation for more details. For example instructions, refer to our [Okta](/cloudflare-one/identity/idp-integration/okta/#synchronize-users-and-groups) or [JumpCloud](/cloudflare-one/identity/idp-integration/jumpcloud-saml/#synchronize-users-and-groups) guides.
+
+### 3. Verify SCIM provisioning
+
+<Render file="access/verify-scim-provisioning"/>
+
 ## Optional configurations
 
 SAML integrations allow you to pass additional headers or claims to applications.
