docs: update glossary

JTorreG · JTorreG · commit 69fc4f91805b · 2025-09-15T17:12:42.000+01:00
diff --git a/content/nginxaas-google/glossary.md b/content/nginxaas-google/glossary.md
@@ -18,8 +18,9 @@ This document provides definitions for terms and acronyms commonly used in F5 NG
 | Network attachment       | A Google Cloud resource that enables a VM instance to connect to a VPC network. [More information](https://cloud.google.com/vpc/docs/about-network-attachments).   |
 | VPC network              | A Virtual Private Cloud (VPC) network is a virtual version of a physical network, implemented within Google Cloud. It provides networking functionality for your Google Cloud resources. [More information](https://cloud.google.com/vpc/docs/vpc). |
 | NGINXaas Account        | Represents a Google Cloud procurement with an active Marketplace NGINXaaS subscription, linked to a billing account. To create an account, see the signup documentation in [prerequisites]({{< ref "/nginxaas-google/getting-started/prerequisites.md" >}}). |
-| User | A user is anyone who has access to an NGINXaaS Account through their Google Identity. The same Google Identity can be added to multiple NGINXaaS Accounts, but it is treated as a different user in each account. |
-| Authorized Domains | The list of Google Identity domains (for example, "example.com") allowed to access an NGINXaaS Account using Google authentication. <br> - By default, an NGINXaaS Account has an empty authorized domains field, which means that anyone can log in to the account, if added as a user. <br> - Configuring this field allows you to control which organizations (based on their email domains) are allowed to log in to the NGINXaaS Account. This restricts access to only users from trusted companies or groups, and prevents unauthorized domains from accessing resources in the account. <br> - When updating authorized domains, you cannot make an update if it would prevent any existing user from logging in. This ensures that no current users are accidentally locked out of the account. |
+| NGINXaaS User | NGINXaaS Users are granted access to all resources in the NGINXaaS Account. User authentication is performed securely via Google Cloud, requiring a matching identity. Individuals can be added as users to multiple NGINXaaS Accounts, and can switch between them using the steps documented below. |
+| Authorized Domains |  The list of domains allowed to authenticate into the NGINXaaS Account using Google authentication.
+   <br>- This can be used to restrict access to Google identities within your Google Cloud Organization or Google Workspace, or other known, trusted Workspaces. For example, your Google Cloud Organization may have users created under the `example.com` domain. By setting the Authorized Domains in your NGINXaaS Account to only allow `example.com`, users attempting to log in with the same email associated with `alternative.net` Google Workspace would not be authenticated. |
 
 
 {{</table>}}
