[IAM] Update dash SCIM docs with new API token role (#18161)

mcescalante · Mike Escalante · web-flow · commit daa0d217977a · 2024-11-13T16:50:40.000-08:00
- Add new SCIM Provisioning API token role to SCIM setup docs
- Add note recommending Account Owned Tokens for SCIM
- Improve wording in API token creation fundamentals and add links

Co-authored-by: Mike Escalante &lt;mcescalante@cloudflare.com&gt;
diff --git a/src/content/docs/fundamentals/setup/account/account-security/scim-setup.mdx b/src/content/docs/fundamentals/setup/account/account-security/scim-setup.mdx
@@ -23,7 +23,7 @@ Currently, we only provide SCIM support for Enterprise customers, and for Micros
 
 :::note
 
-Accounts provisioned with SCIM need to verify their email addresses. 
+Accounts provisioned with SCIM need to verify their email addresses.
 :::
 
 ---
@@ -32,14 +32,16 @@ Accounts provisioned with SCIM need to verify their email addresses.
 
 1. [Create an API token](/fundamentals/api/get-started/create-token/) with the following permissions:
 
-   | Type    | Item             | Permission |
-   | ------- | ---------------- | ---------- |
-   | Account | Account Settings | Read       |
-   | Account | Account Settings | Edit       |
-   | User    | Memberships      | Read       |
-   | User    | Memberships      | Edit       |
+   | Type    | Item              | Permission |
+   | ------- | ----------------- | ---------- |
+   | Account | SCIM Provisioning | Edit       |
 
-2. Under **Account Resources**, select the specific account to include or exclude from the dropdown menu.
+   :::note
+
+   Cloudflare recommends using Account Owned API tokens, but User API tokens are also supported.
+   :::
+
+2. Under **Account Resources**, select the specific account to include or exclude from the dropdown menu, if applicable.
 
 3. Select **Continue to summary**.
 
diff --git a/src/content/partials/fundamentals/create-token.mdx b/src/content/partials/fundamentals/create-token.mdx
@@ -13,7 +13,7 @@ Before you begin, [find your zone and account IDs](/fundamentals/setup/find-acco
 
 :::
 
-1. Determine if you want a user token or an account owned token. If you are developing a new service that you want multiple superadministrators to use and the endpoints that you are calling are compatible with account owned tokens, the option exists to use account tokens that are not connected to a specific user.
+1. Determine if you want a user token or an [Account Owned Token](/fundamentals/api/get-started/account-owned-tokens/). Use Account Owned Tokens if you prefer service tokens that are not associated with users and your [desired API endpoints are compatible](/fundamentals/api/get-started/account-owned-tokens/#compatibility-matrix).
 
 2. From the [Cloudflare dashboard](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** > **API Tokens** for user tokens. For Account Tokens, go to **Manage Account** > **API Tokens**.
 
