diff --git a/src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx b/src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx index b245df00bafb85..27004a68061327 100644 --- a/src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx +++ b/src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx @@ -13,11 +13,14 @@ import { Markdown } from "~/components" 3. Turn on **Enable SCIM**{props.and}**{props.supportgroups}**. -4. (Optional) Turn on the following settings: +4. (Optional) Configure the following settings: -* **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any Gateway WARP session policies. +* **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). * **Remove user seat on deprovision**: [Remove a user's seat](/cloudflare-one/identity/users/seat-management/) from your Zero Trust account when they are removed from the SCIM application in {props.idp}. -* **Enable group membership change reauthentication**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any Gateway WARP session policies. Access will read the user's updated group membership when they reauthenticate. +* **SCIM identity update behavior**: Choose what happens in Zero Trust when the user's identity updates in {props.idp}. + - _Automatic identity updates_: Automatically update the user's identity when {props.idp} sends an updated identity or group membership through SCIM. + - _Group membership change reauthentication_: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). Access will read the user's updated group membership when they reauthenticate. + - _No action_: Update the user's identity the next time they reauthenticate to Access or WARP. 5. Select **Save**.