PCX-14656

cloudflare · Nov 18, 2024 · bd7e7c9 · bd7e7c9
1 parent 026be8d
commit bd7e7c9
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx b/src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx
@@ -13,11 +13,14 @@ import { Markdown } from "~/components"
 
 3. Turn on **Enable SCIM**{props.and}**{props.supportgroups}**.
 
-4. (Optional) Turn on the following settings:
+4. (Optional) Configure the following settings:
 
-* **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any Gateway WARP session policies.
+* **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/).
 * **Remove user seat on deprovision**: [Remove a user's seat](/cloudflare-one/identity/users/seat-management/) from your Zero Trust account when they are removed from the SCIM application in {props.idp}.
-* **Enable group membership change reauthentication**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any Gateway WARP session policies. Access will read the user's updated group membership when they reauthenticate.
+* **SCIM identity update behavior**: Choose what happens in Zero Trust when the user's identity updates in {props.idp}.
+	- _Automatic identity updates_: Automatically update the user's identity when {props.idp} sends an updated identity or group membership through SCIM.
+	- _Group membership change reauthentication_: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). Access will read the user's updated group membership when they reauthenticate.
+	- _No action_: Update the user's identity the next time they reauthenticate to Access or WARP.
 
 5. Select **Save**.