From 3f66c7276811229b45e842c564f17c9fdbb039b6 Mon Sep 17 00:00:00 2001 From: kennyj42 <73258453+kennyj42@users.noreply.github.com> Date: Tue, 22 Oct 2024 10:27:53 -0500 Subject: [PATCH 1/2] Update entra-id.mdx --- .../docs/cloudflare-one/identity/idp-integration/entra-id.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx index 373ccdfea8d331..84a346b2a1042f 100644 --- a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx +++ b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx @@ -139,6 +139,8 @@ SCIM requires a separate enterprise application from the one created during [ini 5. Once the SCIM application is created, [assign users and groups to the application](https://learn.microsoft.com/entra/identity/enterprise-apps/assign-user-or-group-access-portal). +**Note:** Ensure that all groups used in policy evaluation and device profiles are included in the SCIM assignment. SCIM group membership updates will overwrite any groups on a user for policy evaluation. + 6. Go to **Provisioning** and select **Get started**. 7. For **Provisioning Mode**, choose _Automatic_. From 6ada4538231d7d5f88bbb29cc10801541f808833 Mon Sep 17 00:00:00 2001 From: ranbel <101146722+ranbel@users.noreply.github.com> Date: Wed, 23 Oct 2024 13:20:58 -0400 Subject: [PATCH 2/2] Update entra-id.mdx --- .../docs/cloudflare-one/identity/idp-integration/entra-id.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx index 84a346b2a1042f..8761edba2dbb70 100644 --- a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx +++ b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx 
@@ -139,7 +139,9 @@ SCIM requires a separate enterprise application from the one created during [ini 5. Once the SCIM application is created, [assign users and groups to the application](https://learn.microsoft.com/entra/identity/enterprise-apps/assign-user-or-group-access-portal). -**Note:** Ensure that all groups used in policy evaluation and device profiles are included in the SCIM assignment. SCIM group membership updates will overwrite any groups on a user for policy evaluation. + :::note + Groups in this SCIM application should match the groups in your other [Cloudflare Access enterprise application](/cloudflare-one/identity/idp-integration/entra-id/#set-up-entra-id-as-an-identity-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation. + ::: 6. Go to **Provisioning** and select **Get started**.
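Review bot: In [PATCH 1/2], the added `**Note:**` paragraph starts at column zero between step 5 and step 6, so it is not nested under step 5 and splits the numbered procedure in two. Indent it so it belongs to step 5. The phrase "overwrite any groups on a user" is also vague about what gets replaced; say explicitly that it is the group list in the user's identity, which is what policies are evaluated against.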
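Review bot: In [PATCH 2/2], the new `:::note` drops the "device profiles" scope that the removed line carried ("all groups used in policy evaluation and device profiles"), so readers are no longer told that groups referenced by device profiles must also be in the SCIM assignment. Restore that mention if it still applies. The note also states only the benefit ("ensures consistent policy evaluation"). Since it says SCIM updates overwrite the groups in a user's identity, it would help to spell out the failure case: a group assigned only to the other enterprise application will be absent from the identity after a SCIM update, and policies that reference it will stop matching. Given that consequence, "should match" reads weaker than the "Ensure that all groups ... are included" wording it replaces.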