diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
index 0468ee5f1511fa..d76103e1cd7297 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
+++ b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
@@ -222,7 +222,7 @@ SCIM requires a separate enterprise application from the one created during [ini
12. On the **Provisioning** page, select **Start provisioning**. You will see the synchronization status in Entra ID.
-To check which users and groups were synchronized, select **View provisioning logs**.
+To check which users and groups were synchronized, select **View provisioning logs** in Entra ID.
diff --git a/src/content/docs/cloudflare-one/insights/logs/scim-logs.mdx b/src/content/docs/cloudflare-one/insights/logs/scim-logs.mdx
new file mode 100644
index 00000000000000..865043605d0cd6
--- /dev/null
+++ b/src/content/docs/cloudflare-one/insights/logs/scim-logs.mdx
@@ -0,0 +1,35 @@
+---
+pcx_content_type: reference
+title: SCIM activity logs
+sidebar:
+ order: 3
+ label: SCIM logs
+---
+
+import { Render } from "~/components";
+
+SCIM activity logs allow administrators to audit how [SCIM provisioning](/cloudflare-one/identity/users/scim/) events in an identity provider (such as create, update, and delete) affect a user's identity and group membership in Zero Trust. You can compare your Zero Trust SCIM logs with your identity provider's SCIM logs to track how identity data is shared between the two services and pinpoint the source of any provisioning errors.
+
+## View SCIM logs
+
+For an overview of SCIM events across all users, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Logs** > **SCIM provisioning**. This page lists the inbound SCIM requests from all identity providers configured with SCIM. You can select an individual request to view more details about the SCIM operation.
+
+To investigate how SCIM events impacted a specific user, go to their [User Registry identity](/cloudflare-one/insights/logs/users/).
+
+
+
+## Log fields
+
+SCIM provisioning logs show the following information for each inbound SCIM request:
+
+- **IdP name**: Name of the identity provider
+- **Timestamp**: Date and time of the request
+- **Action**: HTTP request method (`POST`, `PUT`, `PATCH`, `DELETE`)
+- **User email**: User who received the SCIM identity update
+- **Group name**: Group that received the SCIM identity update
+- **Resource type**: SCIM resource that was modified (`GROUP` or `USER`)
+- **CF resource ID**: Persistent identifier for the user or group created by Cloudflare SCIM
+- **IDP resource ID**: Identifier for the user or group provided by the identity provider
+- **Outcome**: Whether the SCIM request was applied successfully (`SUCCESS` or `ERROR`)
+- **Request body**: HTTP request body containing the data that was added, modified, or removed
+- **JSON log**: SCIM request log in JSON format
diff --git a/src/content/partials/cloudflare-one/access/scim-requires-login.mdx b/src/content/partials/cloudflare-one/access/scim-requires-login.mdx
new file mode 100644
index 00000000000000..a8ae848c3b6ea8
--- /dev/null
+++ b/src/content/partials/cloudflare-one/access/scim-requires-login.mdx
@@ -0,0 +1,7 @@
+---
+{}
+---
+
+:::note
+New users must first [register the WARP client](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/) or authenticate to an Access application before SCIM provisioning can begin.
+:::
\ No newline at end of file
diff --git a/src/content/partials/cloudflare-one/access/verify-scim-provisioning.mdx b/src/content/partials/cloudflare-one/access/verify-scim-provisioning.mdx
index 7eea399f61b64d..d4346aac2128f6 100644
--- a/src/content/partials/cloudflare-one/access/verify-scim-provisioning.mdx
+++ b/src/content/partials/cloudflare-one/access/verify-scim-provisioning.mdx
@@ -2,8 +2,8 @@
{}
---
-To check if a user's identity was updated in Zero Trust, view their [User Registry identity](/cloudflare-one/insights/logs/users/).
+import { Render } from "~/components";
-:::note
-New users must first register the WARP client or authenticate to an Access application before SCIM provisioning can begin.
-:::
\ No newline at end of file
+To check if user identities were updated in Zero Trust, view your [SCIM provisioning logs](/cloudflare-one/insights/logs/scim-logs/).
+
+
\ No newline at end of file