Applying Adam's feedback

dcpena · AdamBouhmad · web-flow · commit bbdebeb574d9 · 2025-05-30T10:28:59.000-05:00
Co-authored-by: Adam Bouhmad &lt;adbouhmad@gmail.com&gt;
diff --git a/src/content/docs/fundamentals/account/account-security/scim-setup/entra.mdx b/src/content/docs/fundamentals/account/account-security/scim-setup/entra.mdx
@@ -19,14 +19,13 @@ sidebar:
 3. Enter your API token value and the tenant URL: `https://api.cloudflare.com/client/v4/accounts/<your_account_ID>/scim/v2`.
 4. Select **Test Connection**, then select **Save**.
 
-## Configure user permissions in Microsoft Entra ID
+## Configure user & group sync in Microsoft Entra ID application
 
 1. Once the SCIM application is created, [assign users and groups to the application](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal).
 
 :::note
-You must have opted into the Cloudflare User Groups Public Beta to synchronize groups from Okta to Cloudflare. Refer to the [User Groups](/fundamentals/setup/manage-members/user-groups/) documentation for more information.
+You must have opted into the Cloudflare User Groups Public Beta to synchronize groups from Microsoft Entra to Cloudflare. Refer to the [User Groups](/fundamentals/setup/manage-members/user-groups/) documentation for more information.
 
-Currently, groups need to match a specific format to provision specific Cloudflare account-level roles. Cloudflare is in the process of adding Cloudflare Groups, which can take in freeform group names in the future.
 :::
 
 2. To begin syncing your Users & Groups into Cloudflare, navigate back to **Provisioning**, and under **Provisioning Status**, check *On*, then select **Save**. 
@@ -35,9 +34,8 @@ Currently, groups need to match a specific format to provision specific Cloudfla
 To successfully provision with Microsoft Entra ID, the `user principal name` and `email` fields must match. These values are case-sensitive.
 :::
 
-3. To check which users and groups were synchronized, select **Provisioning logs**. 
-4. To verify the integration, select **Provisioning Logs** in Entra ID application, and check the Cloudflare Dash Audit Logs by navigating to **Manage Account** > **Audit Log**. 
-5. To grant permissions to Users & Groups in Cloudflare, refer to the Permission Policies guide.
+3. To validate which users and groups were synchronized, select **Provisioning logs** in Microsoft Entra. You can also check the Cloudflare Dashboard Audit Logs by navigating to **Manage Account** > **Audit Log**. 
+4. To grant permissions to Users & Groups in Cloudflare, refer to the Permission Policies guide.
 
 
 ## (Optional) Automate Cloudflare's SCIM integration
diff --git a/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx b/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx
@@ -14,8 +14,6 @@ This section covers SCIM provisioning for the Cloudflare dashboard only. If you
 ## Limitations
 
 - If a user is the only Super Administrator on an Enterprise account, they will not be deprovisioned.
-- Cloudflare currently only supports [Account-scoped Roles](/fundamentals/manage-members/roles/#account-scoped-roles) and does not support Domain-scoped Roles provisioning via SCIM.
-- Cloudflare does not allow custom user groups.
 
 ## Prerequisites
 
diff --git a/src/content/docs/fundamentals/account/account-security/scim-setup/okta.mdx b/src/content/docs/fundamentals/account/account-security/scim-setup/okta.mdx
@@ -30,7 +30,7 @@ The **Update User Attributes** option is not supported.
 5. Deselect **Import Groups**.
 
 
-## Set up your SCIM users and groups
+## Configure user & group sync in Okta
 
 1. In **Provisioning to App**, select **Edit**.
 2. Enable **Create Users** and **Deactivate Users**. Select **Save**.
diff --git a/src/content/docs/fundamentals/manage-members/user-groups.mdx b/src/content/docs/fundamentals/manage-members/user-groups.mdx
@@ -9,7 +9,7 @@ sidebar:
 
 import { Tabs, TabItem } from '~/components';
 
-User Groups are a collection of [account members](/fundamentals/setup/manage-members/manage/) that are treated equally from an access control perspective. User Groups can be assigned roles, with individual members in the group receiving all permissions of the roles assigned to the User Group.
+User Groups are a collection of [account members](/fundamentals/setup/manage-members/manage/) that are treated equally from an access control perspective. User Groups can be assigned permission policies, with individual members in the group receiving all permissions of the roles assigned to the User Group.
 
 :::note
 If you use the Cloudflare Dashboard SCIM integration, you can sync Groups from an upstream Identity Provider via SCIM. This allows you to centralize user and group management at your identity provider.
@@ -36,11 +36,11 @@ With your Group created, you can now add a [Permission Policy](/fundamentals/set
 
 1. In the **Groups** tab under **Permission policies**, select **Add a Policy**. 
 2. Specify the scope and permissions you want applied to the members of the group.
-3. Select **Create Policy** to apply it to the group. You return to the **Permission policies** for your Group.
+3. Select **Create Policy** to apply it to the group.
 
 </TabItem> <TabItem label="API">
 
-Using the role identifiers from the previous section, you can create a group policy.
+Using the role identifiers from the previous section, you can create a permission policy for your group.
 
 `export ADMIN_ROLE='...' # id field from admin or desired role entry from permission_groups API response`
 
