user-groups and permission policies beta changelog entry (cloudflare#22755)

* user-groups and permission policies beta changelog entry

* Update deprecation notice in the Changelog

* Update 2025-06-02-user-groups-beta.mdx

* copy edits based on feedback

* Corrections

* Apply suggestions from code review

* Update src/content/changelog/fundamentals/2025-06-02-user-groups-beta.mdx

---------

Co-authored-by: kodster28 <[email protected]>
Co-authored-by: Denise Pena <[email protected]>
Co-authored-by: Kody Jackson <[email protected]>

Author: 3 people

src/assets/images/changelog/fundamentals/2025-06-02-permissions-policy-ux.png

@@ -0,0 +1,34 @@
+---
+title: Cloudflare User Groups & Enhanced Permission Policies are now in Beta
+description: Simplifying the management of users, groups, and permissions within Cloudflare.
+products:
+  - fundamentals
+date: 2025-06-02
+---
+
+We're excited to announce the Public Beta launch of **User Groups for Cloudflare Dashboard** and **System for Cross Domain Identity Management (SCIM) User Groups**, expanding our RBAC capabilities to simplify user and group management at scale.
+
+We've also visually overhauled the **Permission Policies UI** to make defining permissions more intuitive.
+
+**What's New**
+
+**User Groups [BETA]**: [User Groups](/fundamentals/manage-members/user-groups/) are a new Cloudflare IAM primitive that enable administrators to create collections of account members that are treated equally from an access control perspective. User Groups can be assigned permission policies, with individual members in the group inheriting all permissions granted to the User Group. User Groups can be created manually, via our APIs, or Terraform.
+
+**SCIM User Groups [BETA]**: Centralize & simplify your user and group management at scale by syncing memberships directly from your upstream identity provider (like Okta or Entra ID) to the Cloudflare Platform. This ensures Cloudflare stays in sync with your identity provider, letting you apply Permission Policies to those synced groups directly within the Cloudflare Dashboard.
+
+:::note
+SCIM Virtual Groups (identified by the pattern `CF-<accountID>-<Role Name>` in your IdP) are deprecated as of 06/02/25. We recommend migrating SCIM Virtual Groups implementations to use [SCIM User Groups](/fundamentals/account/account-security/scim-setup/). If you did not use Virtual Groups, no action is needed.
+:::
+
+**Revamped Permission Policies UI [BETA]**: As Cloudflare's services have grown, so has the need for precise, role-based access control. We've given the Permission Policies builder a visual overhaul to make it much easier for administrators to find and define the exact permissions they want for specific principals.
+
+![Updated Permissions Policy UX](~/assets/images/changelog/fundamentals/2025-06-02-permissions-policy-ux.png)
+
+:::note
+When opting into the Beta for User Groups and Permission Policies, you'll be transitioning to a new experience. Please be aware that opting out isn't currently available.
+:::
+
+For more info:
+
+- [Get started with User Groups](/fundamentals/manage-members/user-groups/)
+- [Explore our SCIM integration guide](/fundamentals/account/account-security/scim-setup/)