PCX-16041

Author: ranbel

src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx

@@ -125,7 +125,7 @@ Your identity provider must support SCIM version 2.0.
 
 ### 1. Enable SCIM in Zero Trust
 
-<Render file="access/enable-scim-on-dashboard" params={{ idp: "IdP" }} />
+<Render file="access/enable-scim-on-dashboard" params={{ idp: "OIDC" }} />
 
 ### 2. Configure SCIM in the IdP
 

src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx

@@ -103,7 +103,7 @@ Your identity provider must support SCIM version 2.0.
 
 ### 1. Enable SCIM in Zero Trust
 
-<Render file="access/enable-scim-on-dashboard" params={{ idp: "IdP" }} />
+<Render file="access/enable-scim-on-dashboard" params={{ idp: "SAML" }} />
 
 ### 2. Configure SCIM in the IdP
 

src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx

@@ -8,17 +8,19 @@ import { Markdown } from "~/components"
 
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.
 
-2. Find the {props.idp} integration and select **Edit**.
+2. Find your {props.idp} integration and select **Edit**.
 
 3. Turn on **Enable SCIM** {props.supportgroups && <span> and <strong>{props.supportgroups}</strong>.</span>}
 
 4. (Optional) Configure the following settings:
 
-* **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/).
-* **Remove user seat on deprovision**: [Remove a user's seat](/cloudflare-one/identity/users/seat-management/) from your Zero Trust account when they are removed from the SCIM application in {props.idp}.
-* **SCIM identity update behavior**: Choose what happens in Zero Trust when the user's identity updates in {props.idp}.
-	- _Automatic identity updates_: Automatically update the [User Registry identity](/cloudflare-one/insights/logs/users/) when {props.idp} sends an updated identity or group membership through SCIM. This identity is used for Gateway policies and WARP [device profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/); Access will read the user's updated identity when they reauthenticate.
-	- _Group membership change reauthentication_: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). Access will read the user's updated group membership when they reauthenticate.
+* **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when they are removed from the SCIM application in your IdP. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/).
+
+	If a user is deprovisioned via SCIM as a result of being disabled in your IdP, but then later re-enabled, Access will reactivate their SCIM user resource. As a result, if the user is disabled in the future, they will be successfully deprovisioned.
+* **Remove user seat on deprovision**: [Remove a user's seat](/cloudflare-one/identity/users/seat-management/) from your Zero Trust account when they are removed from the SCIM application in your IdP.
+* **SCIM identity update behavior**: Choose what happens in Zero Trust when the user's identity updates in your IdP.
+	- _Automatic identity updates_: Automatically update the [User Registry identity](/cloudflare-one/insights/logs/users/) when your IdP sends an updated identity or group membership through SCIM. This identity is used for Gateway policies and WARP [device profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/); Access will read the user's updated identity when they reauthenticate.
+	- _Group membership change reauthentication_: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when their group membership changes in your IdP. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). Access will read the user's updated group membership when they reauthenticate.
 	- _No action_: Update the user's identity the next time they reauthenticate to Access or WARP.
 
 5. Select **Save**.